发表新帖
发表新帖

Safe value must use [property]=binding after bypass security with DomSanitizer

前端 未结
关注
5 1150
我寻月下人不归
我寻月下人不归 2020-12-05 13:18
相关标签:
5条回答
  • 不知归路
    2020-12-05 13:37

    As the error message says, the sanitized HTML needs to be added using property binding:

    <p [innerHTML]="massTimingsHtml"></p>

    constructor(private domSanitizer:DomSanitizer) {
  this.massTimingsHtml = this.getInnerHTMLValue();
}
getInnerHTMLValue(){
  return this.domSanitizer.bypassSecurityTrustHtml(this.parishDetail.mass_timings);
}

    StackBlitz example (based on Swapnil Patwa's Plunker - see comments below)

    0 讨论(0)
  • 慢半拍i
    2020-12-05 13:38

    I was getting this error when using an iframe so there I fixed using [src] as below:

    Import this:

    import { DomSanitizer, SafeHtml } from '@angular/platform-browser';
constructor(private sanitizer: DomSanitizer, ....other DI){}

    In ts file

    getSafeUrl() {
        return this.sanitizer.bypassSecurityTrustResourceUrl(this.url);     
}

    In html file

    <iframe [src]="getSafeUrl()" frameborder="0" *ngIf="url"></iframe>

    This method is quite cycle consuming as it'll call the function multiple time so it's better to sanitize URL inside lifeCycleHooks like ngOnInit().

    You can use pipes as well for better performance:

    <div [innerHtml]="htmlValue | byPassSecurity"></div>


import { Pipe, PipeTransform, SecurityContext } from "@angular/core";
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';

@Pipe({
    name: 'byPassSecurity'
})
export class ByPassSecurityPipe implements PipeTransform {

    constructor(private sanitizer: DomSanitizer) {}

    transform (value: string): SafeHtml {
        return this.sanitizer.bypassSecurityTrustHtml(value);
    }
}
    0 讨论(0)
  • 清歌不尽
    2020-12-05 13:45

    I got a same error while using MATHJAX in angular 7. I resolved by below pipe transform. 100% work perfectly

    //Sanitize HTML PIPE

    import { Pipe, PipeTransform, SecurityContext } from "@angular/core";
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';

@Pipe({
    name: 'sanitizeHtml'
})
export class SanitizeHtmlPipe implements PipeTransform {

    constructor(private _sanitizer: DomSanitizer) {
    }

    transform(value: string): SafeHtml {
        return this._sanitizer.sanitize(SecurityContext.HTML, this._sanitizer.bypassSecurityTrustHtml(value))
    }
}
    0 讨论(0)
  • 小鲜肉
    2020-12-05 13:48

    My Solution using Pipe.

    HTML

    <div [innerHtml]="htmlValue | byPassSecurity"></div>

    Pipe

    import { Pipe, PipeTransform, SecurityContext } from "@angular/core";
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';

@Pipe({
    name: 'byPassSecurity'
})
export class ByPassSecurityPipe implements PipeTransform {

    constructor(private sanitizer: DomSanitizer) {}

    transform (value: string): SafeHtml {
        return this.sanitizer.bypassSecurityTrustHtml(value);
    }
}
    0 讨论(0)
  • 没有蜡笔的小新
    2020-12-05 13:50

    You need to sanitize() the safevalue like this :

    this.domSanitizer.sanitize(SecurityContext.HTML,this.domSanitizer.bypassSecurityTrustHtml(this.parishDetail.mass_timings));
    0 讨论(0)
 看不清?
提交回复
热议问题