Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-18 09:10:50 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-18 09:10:50 +0300
commit: c2f65d6e6f569415fe60e40aec5be6458d6a99bb (patch)
tree: 133300137ca292ecce5036d7952d29134643d476 /doc/development/secure_coding_guidelines.md
parent: a3633566291bf9889f2e03e7e2d472f5bc5a5c9f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index c102e99720f..e99926663dd 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -410,7 +410,7 @@ References:
 #### XSS mitigation and prevention in JavaScript and Vue
 
 - When updating the content of an HTML element using JavaScript, mark user-controlled values as `textContent` or `nodeValue` instead of `innerHTML`.
-- Avoid using `v-html` with user-controlled data, use [`v-safe-html`](https://gitlab-org.gitlab.io/gitlab-ui/?path=/story/directives-safe-html-directive--default) instead.
+- Avoid using `v-html` with user-controlled data, use [`v-safe-html`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/assets/javascripts/vue_shared/directives/safe_html.js) instead.
 - Render unsafe or unsanitized content using [`dompurify`](fe_guide/security.md#sanitize-html-output).
 - Consider using [`gl-sprintf`](../../ee/development/i18n/externalization.md#interpolation) to interpolate translated strings securely.
 - Avoid `__()` with translations that contain user-controlled values.
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-18 09:10:50 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-18 09:10:50 +0300
commit	c2f65d6e6f569415fe60e40aec5be6458d6a99bb (patch)
tree	133300137ca292ecce5036d7952d29134643d476 /doc/development/secure_coding_guidelines.md
parent	a3633566291bf9889f2e03e7e2d472f5bc5a5c9f (diff)