React, Flux, GraphQL, Hack, HHVM...? All of this and more!
Boris Bera has released a proof of concept of an XSS vulnerability when using Vue.js with server side rendering. Based on string templates, allowing attackers to target Vue.js through injection of code via malformed templates.
Vue.js, the popular front end library for building apps has grown to be a challenger to React.js, and has in practice taken the Angular.js successorship as Angular focused on more enterprisey need with version 2 onwards. This has allowed Vue to catch market share from developers who find React.js learning curve to be too steep.
More details on the case on GitHub: https://github.com/dotboris/vuejs-serverside-template-xssTweet