{"id":15037,"library":"vue-letter","title":"Vue Letter Email Display Component","description":"Vue-letter is a Vue.js component designed for displaying HTML or plain text email messages within Vue applications. It functions as a direct port of the `react-letter` library, offering features like wrapping content in an iframe, rewriting external resource and link URLs, and specifying allowed URL schemas. The package helps developers render email bodies while addressing potential security and styling concerns. Currently at an early version (0.2.1), it is under active development, implying its API and features are still evolving. Its main purpose is to simplify the secure rendering of email content, particularly targeting rendering compatibility similar to Gmail's approach.","status":"active","version":"0.2.1","language":"javascript","source_language":"en","source_url":"https://github.com/mat-sz/vue-letter","tags":["javascript","vue","vue-component","email","e-mail","mail","mime-message","ui","typescript"],"install":[{"cmd":"npm install vue-letter","lang":"bash","label":"npm"},{"cmd":"yarn add vue-letter","lang":"bash","label":"yarn"},{"cmd":"pnpm add vue-letter","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Peer dependency as it's a Vue.js component.","package":"vue","optional":false},{"reason":"Internally used for DOM-based HTML email sanitization.","package":"lettersanitizer","optional":false}],"imports":[{"note":"The component is designed for Vue 3's Composition API (`\n\n","lang":"typescript","description":"This quickstart demonstrates importing and using the `Letter` component to display HTML and plain text email content, including advanced props for iframe usage, link rewriting, and schema control."},"warnings":[{"fix":"Pin exact versions (e.g., `\"vue-letter\": \"0.2.1\"`) in `package.json` to prevent unexpected breaking changes on update. Regularly check the GitHub repository for updates and migration guides.","message":"The package is at an early version (0.2.1), which means its API is highly unstable and subject to significant breaking changes in minor or even patch releases. Developers should pin to exact versions and review changelogs closely for updates.","severity":"breaking","affected_versions":">=0.1.0"},{"fix":"Always pre-sanitize untrusted HTML input using a robust, well-maintained library like `DOMPurify` before passing it to the `html` prop. Example: `import DOMPurify from 'dompurify'; const safeHtml = DOMPurify.sanitize(untrustedHtml);`","message":"Despite its `react-letter` origin mentioning 'automatic sanitization', `vue-letter`'s README explicitly labels the `html` and `text` props as taking 'Unsanitized e-mail HTML contents'. This creates a critical security ambiguity. Users MUST assume the component does not perform sufficient sanitization and are responsible for pre-sanitizing any untrusted HTML or text input to prevent Cross-Site Scripting (XSS) vulnerabilities.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Carefully consider the trade-offs of using `useIframe`. If used, ensure robust CSS within the email content itself handles responsiveness, or implement post-load JavaScript to adjust iframe dimensions if necessary. Use the `iframeTitle` prop for accessibility.","message":"The `useIframe` prop, when set to `true`, wraps the email content in an `