Commit Graph

  • feat(rules): add Vue architecture patterns and security rules
    Add rules/vue/patterns.md:
    - Presentational vs Container component design
    - Provide/Inject, Scoped Slots, Teleport (with 3.5+ defer prop)
    - State management decision tree and Pinia Setup Store patterns
    - Vue Router navigation guards, lazy loading, reactive route params
    - v-for/v-if patterns, v-model (Vue 3.4+ defineModel)
    - Scoped CSS (:deep, :slotted), KeepAlive with max, Dynamic Components
    - Vue 3.5+ new APIs: useId(), data-allow-mismatch, Suspense
    - Nuxt-specific patterns and Vue 2 migration notes
    
    Add rules/vue/security.md:
    - v-html XSS audit (DOMPurify sanitization checklist)
    - Unsafe URL binding validation (javascript:/data: scheme prevention)
    - Custom directive innerHTML injection
    - Secret exposure via VITE_ prefix and Nuxt runtimeConfig
    - Nuxt Nitro server API input validation with zod
    - localStorage/sessionStorage token risks, SSR browser API guards
    - target=_blank rel=noopener, CSP minimum policy
    - Prototype pollution, source maps in production
    - Vue 3.5+ SSR hydration mismatch security notes