How to inject HTML into a template with polymer
I\'m using polymer-jsonp to perform JSONP requests, but the response sometimes contains html.
For example, supposing that post.content is \"Foo&l
-
Polymer will not stamp unescaped HTML via data-binding because it becomes a vulnerability for XSS attacks.
There are talks ongoing about making it possible to stamp HTML under limited circumstance, or to allow for customized filtering, but this is not implemented yet at the data layer.
It is possible to do what you want today using an additional custom element, but again, be advised of the potential for bad things to happen if you render untrusted HTML into your page.
Here is an example that shows this technique:
http://jsbin.com/durajiwo/1/edit
加载中...
- 热议问题