Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@vueuse/head
Advanced tools
A Vue composition API to manage your document head.
Created by egoist, maintained by harlan-zw 💛 Support ongoing development by sponsoring us. Follow 🐦 @harlan_zw for updates • Join Discord for support |
npm i @vueuse/head
# Or Yarn
yarn add @vueuse/head
Requires vue >= v3 or >=2.7
For instructions on setting up @vueuse/head as an integration, see integration.
useHead(head: MaybeComputedRef<HeadObject>)
Used to modify the head of the document. You can call this function in any page or component.
All values are reactive and support ref and computed getter syntax.
To provide inner content you should use the textContent
attribute (previously children
which is deprecated).
Note: All values provided to useHead
will be encoded to avoid XSS injection. If you need to insert raw data use useHeadRaw
.
const myPage = ref({
description: 'This is my page',
})
const title = ref('title')
useHead({
// ref syntax
title,
meta: [
// computer getter syntax
{ name: 'description', content: () => myPage.value.description },
],
style: [
{ type: 'text/css', textContent: 'body { background: red; }' },
],
script: [
// primitive values are also fine
{
src: 'https://example.com/script.js',
defer: true
},
],
})
You can check @zhead/schema for full types.
interface HeadObject {
title?: MaybeRef<string>
titleTemplate?: MaybeRef<string> | ((title?: string) => string)
meta?: MaybeRef<HeadAttrs[]>
link?: MaybeRef<HeadAttrs[]>
base?: MaybeRef<HeadAttrs>
style?: MaybeRef<HeadAttrs[]>
script?: MaybeRef<HeadAttrs[]>
noscript?: MaybeRef<HeadAttrs[]>
htmlAttrs?: MaybeRef<HeadAttrs>
bodyAttrs?: MaybeRef<HeadAttrs>
}
useHeadRaw(head: MaybeComputedRef<HeadObject>)
Has the same functionality as useHead
but does not encode values. This is useful for inserting raw data such as scripts
and attribute events.
When inserting raw inner content you should use innerHTML
.
useHeadRaw({
bodyAttrs: {
onfocus: 'alert("hello")',
},
script: [
{
innerHTML: 'alert("hello world")',
},
],
})
For meta
tags, we use name
and property
to prevent duplicated tags, you can instead use the key
attribute if the same name
or property
is allowed:
useHead({
meta: [
{
property: "og:locale:alternate",
content: "zh",
key: "zh",
},
{
property: "og:locale:alternate",
content: "en",
key: "en",
},
],
})
To render tags at the end of the <body>
, set body: true
in a HeadAttrs Object.
useHeadRaw({
script: [
{
children: `console.log('Hello world!')`,
body: true,
},
],
})
To set the textContent
of an element, use the children
attribute:
useHead({
style: [
{
children: `body {color: red}`,
},
],
noscript: [
{
children: `Javascript is required`,
},
],
})
useHead
also takes reactive object or ref as the argument, for example:
const head = reactive({ title: "Website Title" })
useHead(head)
const title = ref("Website Title")
useHead({ title })
:warning: Experimental feature Only available when rendering SSR.
To set the render priority of a tag you can use the renderPriority
attribute:
useHead({
script: [
{
src: "/not-important-script.js",
},
],
})
useHead({
script: [
// will render first
{
src: "/very-important-script.js",
renderPriority: 1 // default is 10, so will be first
},
],
})
The following special tags have default priorities:
All other tags have a default priority of 10: ,
<Head>
componentBesides useHead
, you can also manipulate head tags using the <Head>
component:
<script setup lang="ts">
import { Head } from "@vueuse/head"
</script>
<template>
<Head>
<title>Hello World</title>
<base href="/base" />
<html lang="en-US" class="theme-dark" />
</Head>
</template>
Note that you need to use <html>
and <body>
to set htmlAttrs
and bodyAttrs
respectively, children for these two tags and self-closing tags like <meta>
, <link>
and <base>
are also ignored.
For integrating @vueuse/head with a framework.
Register the Vue plugin:
import { createApp } from "vue"
import { createHead } from "@vueuse/head"
const app = createApp()
const head = createHead()
app.use(head)
app.mount("#app")
Manage head
with the composition API useHead
in your component:
<script>
import { defineComponent, reactive } from "vue"
import { useHead } from "@vueuse/head"
export default defineComponent({
setup() {
const siteData = reactive({
title: `My website`,
description: `My beautiful website`,
})
useHead({
// Can be static or computed
title: () => siteData.title,
meta: [
{
name: `description`,
content: () => siteData.description,
},
],
})
},
})
</script>
import { renderToString } from "@vue/server-renderer"
import { renderHeadToString } from "@vueuse/head"
const appHTML = await renderToString(yourVueApp)
// `head` is created from `createHead()`
const { headTags, htmlAttrs, bodyAttrs, bodyTags } = renderHeadToString(head)
const finalHTML = `
<html${htmlAttrs}>
<head>
${headTags}
</head>
<body${bodyAttrs}>
<div id="app">${appHTML}</div>
${bodyTags}
</body>
</html>
`
createHead(head?: HeadObject | Ref<HeadObject>)
Create the head manager instance.
renderHeadToString(head: Head)
HTMLResult
export interface HTMLResult {
// Tags in `<head>`
readonly headTags: string
// Attributes for `<html>`
readonly htmlAttrs: string
// Attributes for `<body>`
readonly bodyAttrs: string
// Tags in `<body>`
readonly bodyTags: string
}
Render the head manager instance to HTML tags in string form.
MIT © EGOIST
0.9.8
FAQs
Document head manager for Vue 3. SSR ready.
The npm package @vueuse/head receives a total of 100,083 weekly downloads. As such, @vueuse/head popularity was classified as popular.
We found that @vueuse/head demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.