In testing nearly equivalent viewing of parts of documents as Wikipedia Explorer but using Vue I came across a most terrifying oddity in the JSON / HTML interaction. When given a page with included HTML, such as background.html from this Stack Overflow question, you need to escape the HTML and even certain Unicode whitespace characters. Without doing this properly you leave yourself open to XSS attacks.
This issue echoes Douglas Crockford's quote on the complexities of the web as an ill defined polyglot language:
The architecture of the Web has several languages in it - there's HTTP, there's HTML, URLs are a language, there's CSS, and there's the scripting language. They're all in there and at they can all be embedded in each other and they all have different quoting and escaping and commenting conventions. And they are not consistently implemented in all of the browsers. Some of them are not specified anywhere.