Release v0.9.0 · vueuse/head

fix: return remove fn from addHeadObj, fixes #48
feat: useHeadRaw to bypass XSS protections (#118)
fix(ssr): encode children, href and url more appropriately (#119)

⚠️ Breaking Changes

Event attributes no longer allowed

Warning, you must use useHeadRaw to set event listeners.

Providing on event attributes with useHead is no longer allowed and will throw a warning, this is to avoid unexpected XSS. You will need to use useHeadRaw

New Syntax:

useHeadRaw({
  htmlAttrs: {
    onfocus: 'console.log(\'focused\')
  }
})

`script` tags with `children` will no longer work with `useHead`

Warning, you must use useHeadRaw with innerHTML for script content.

Previously you could render scripts server-side correctly without encoding. This was an XSS issue, you should now use the following syntax:

useHeadRaw({
  script: [
    {
      innerHTML: 'console.log(\'my script!\')
    }
  ]
})

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v0.9.0

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

⚠️ Breaking Changes

Event attributes no longer allowed

`script` tags with `children` will no longer work with `useHead`

Uh oh!

Uh oh!

v0.9.0

⚠️ Breaking Changes

Event attributes no longer allowed

script tags with children will no longer work with useHead

Uh oh!

`script` tags with `children` will no longer work with `useHead`