Hi,
We have a false positif when we fix the security hot-spot Make sure bypassing Vue built-in sanitization is safe here.
We use Vue3Sanitize to make the sanitize 
You can see more explanation on the picture !
Thanks, @VincentM, for raising this topic to our attention. As this rule is a Security Hotspot, it’s expected to raise an issue for verifications requiring manual validation. You can mark it as reviewed to acknowledge that vue-3-sanitize it is safe here. For the moment, we don’t officially consider this dependency safe.
I am getting same issue, how to fix this? Even though after sanitizing url using braintree/sanitize-url package, still getting same issue in sonar check.