refactor(security): mark potential unsafe code paths

2020-02-12 15:00:32 -05:00
parent 8b7c162125
commit 8e19424c04
3 changed files with 12 additions and 0 deletions
--- a/packages/runtime-dom/src/modules/props.ts
+++ b/packages/runtime-dom/src/modules/props.ts
@@ -1,3 +1,7 @@
+// __UNSAFE__
+// Reason: potentially setting innerHTML.
+// This can come from explicit usage of v-html or innerHTML as a prop in render
+// functions. The user is reponsible for using them with only trusted content.
 export function patchDOMProp(
  el: any,
  key: string,