useHeadSafe

The recommended way to provide head data with user input.

The useHeadSafe composable is a wrapper around the useHead composable that restricts the input to only allow safe values.

Usage

You can pass all the same values as useHead

useHeadSafe({
  script: [
    { id: 'xss-script', innerHTML: 'alert("xss")' }
  ],
  meta: [
    { 'http-equiv': 'refresh', content: '0;javascript:alert(1)' }
  ]
})
// Will safely generate
// <script id="xss-script"></script>
// <meta content="0;javascript:alert(1)">

Read more on the Unhead documentation.

Type

useHeadSafe(input: MaybeComputedRef<HeadSafe>): void

The list of allowed values is:

const WhitelistAttributes = {
  htmlAttrs: ['class', 'style', 'lang', 'dir'],
  bodyAttrs: ['class', 'style'],
  meta: ['name', 'property', 'charset', 'content', 'media'],
  noscript: ['textContent'],
  style: ['media', 'textContent', 'nonce', 'title', 'blocking'],
  script: ['type', 'textContent', 'nonce', 'blocking'],
  link: ['color', 'crossorigin', 'fetchpriority', 'href', 'hreflang', 'imagesrcset', 'imagesizes', 'integrity', 'media', 'referrerpolicy', 'rel', 'sizes', 'type'],
}

See @unhead/vue for more detailed types.

Report an issue or Edit this page on GitHub

useHead

useHead customizes the head properties of individual pages of your Nuxt app.

useHydration

Allows full control of the hydration cycle to set and receive data from the server.