🔧 Bug Fixes
⚠️ BREAKING CHANGES
A low impact security vulnerability was identified with the v-messages component. Using the value prop, it was possible to perform an XSS attack.
NOTICE
If you are not using HTML for the props rules, messages, hint, success-messages or error-messages, you do not need to do anything.
All values for v-message are now escaped. This primarily affects inputs as they use v-message for rule and hint output. To accommodate this change, a scoped slot has been added for users who
need to customize the styling of messages as they will no longer render html.
Components this fix impacts:
v-autocompletev-checkboxv-comboboxv-file-inputv-inputv-messagesv-overflow-btnv-radio-groupv-selectv-sliderv-switchv-textareav-text-field
<!-- v2.1.8 -->
<v-text-field :rules="['<em>Foo<em>']" /><!-- v2.1.9 -->
<v-text-field :rules="['Foo']">
<template v-slot:message="{ message, key }">
<em :key="key">{{ message }}</em>
</template>
</v-text-field>If you have any questions, please reach out to us in our community, https://community.vuetifyjs.com