SSR-Compatible Security Directives

Snippet

SSR-Compatible Security Directives

This expert pattern creates a custom directive for secure HTML rendering that supports both client-side mounting and Server-Side Rendering (SSR). By implementing getSSRProps, Vue can safely render the sanitized content on the server, preventing XSS while maintaining hydration consistency.

snippet.js
javascript
app.directive('secure-html', {
  mounted(el, binding) {
    el.innerHTML = DOMPurify.sanitize(binding.value);
  },
  getSSRProps(binding) {
    return {
      innerHTML: DOMPurify.sanitize(binding.value)
    };
  }
});

vue

Breakdown

getSSRProps(binding)

Special hook that allows the directive to contribute props during the server-side rendering process.

DOMPurify.sanitize(binding.value)

Uses a robust library to strip malicious scripts from the input string before it touches the DOM.

Previous snippet Next snippet

More Expert JavaScript exercises →

From your library

SSR-Compatible Security Directives

Related