Make sure bypassing Vue built-in sanitization is safe here

<div v-html="this.getNormalMessage()"></div>

We are using "vue": "^2.5.17". While running a sonarqube report we got these hotspots "Make sure bypassing Vue built-in sanitization is safe here." for the above code snippet. Using v-html is causing this hotspot in sonarqube report. getNormalMessage is function which returns htmlContent.

we tried the solutions like

<div>{{ getNormalMessage }}</div>

but these solutions are converting content into a plain text. In our case we needed it to be rendered as html. Do we have better solutions ?

Solution

As mentioned here, you can use vue-dompurify-html.
Be careful, only the v2.5.2 has still Vue2 support, then it's dropped.

how to download a csv generated from papaparse?
laravel/vue design: different ways to handle a loader on a SPA while laravel is processing a job
How can I read values from a static config.json file to TypeScript in a Vue file after running build:electron in Vue CLI 3?
Service worker not generated when building vue 3
Is it ok to detach and reattach Vue.js nodes outside a Vue.js document?
Vite, VueJs, Inertia, SSR and dynamic javascript package loading
Cookies headers are present but Cookies are not stored in browser
defineConfig is undefined when required from @vue/cli-service - vue.config.js
duplicate "Unknown at rule @apply css(unknownAtRules)" errors in Vue.js project
Validated a lazy load component when auto filling it with data
Vuetify3 autocomplete with per-item tooltips not clickable
Why using toRef(props) and is it good idea to change their value in CompositionAPI?
How to use axios to get a file stored in s3
Nuxt i18n: Failed to resolve import “locales/en.json” (Does the file exist?)
Unexpected First Line Indentation
Skipping larger chunks while running "Npm run build"
How to write e2e tests with Cypress for a Vue Tailwind CSS app?
Refused to apply style from '' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled
What is ServerPlaceholder in Nuxt.js and how is it used?
How to use vite build use another config file instead of vite.config.js
AWS Amplify Auth - The requested module does not provide an export named 'Auth'
VueJS: Is it possible to use spread operator for computed properties?
Vuejs: V-HTML data binding of html data against eslint rule
Vue.js "Maximum call stack size exceeded" error. Passing data from parent to child failing
How to get an Array data with custom Component in Vue
JavaScript function re-use in different Vue templates
Applying the page state when the user gets redirected to an already visited Page
<h1> element vs "text-h1" class
What are the differences between the app.vue and pages/index.vue files in Nuxt?
Jest error Could not locate module .... mapped as: