bsr
Reputation: 58692
Angularjs: preview sanitized html
Please find the plnkr
I want to display some html preview. The html is already sanitized at the server (for eg: "<b>HELLO</b>"). How can I display the html form. In the example, I want to display myHtml2 as displayed for myHtml (first preview).
html
<div ng-controller="myController">
<div ng-bind-html="myHtml"></div>
<div ng-bind-html="myHtml2"></div>
<div >{{myHtml2}}</div>
</div>
js
myApp.controller('myController', ['$scope', '$sce', function myController($scope, $sce){
$scope.myHtml = "<b>HELLO</b>";
$scope.myHtml2 = "<b>HELLO</b>";
}]);
out
HELLO
<b>HELLO</b>
<b>HELLO</b>
Upvotes: 1
Views: 2331
Answers (1)
musically_ut
Reputation: 34288
You just need to use $sce.trustAsHtml and unsanitize HTML on your client: http://plnkr.co/edit/h2loxWsPJOELhNvkfHmK?p=preview
// From: https://stackoverflow.com/questions/1912501/unescape-html-entities-in-javascript
function htmlDecode(input){
var e = document.createElement('div');
e.innerHTML = input;
return e.childNodes.length === 0 ? "" : e.childNodes[0].nodeValue;
}
myApp.controller('myController', ['$scope', '$sce', function myController($scope, $sce){
$scope.myHtml = "<b>HELLO</b>";
$scope.myHtml2 = $sce.trustAsHtml(htmlDecode("<b>HELLO</b>"));
}]);
htmlDecode from: Unescape HTML entities in Javascript?
However, I would not recommend taking this approach. It feels very hackish and I suspect could lead to vulnerabilities on your site.
Upvotes: 1
Related Questions
- Angular - how to make angular parse sanitized html
- Angular, DomSanitizer, bypassSecurity script
- AngularJs sanitizing and displaying html
- Sanitizing ng-content for code snippets
- AngularJS and Sanitize - Sanitize HTML without ngBind Directive
- Angular JS - How can I sanitize HTML in a controller?
- Angular: Can I completely disable sanitizing?
- Sanitizing script in AngularJS
- decode characters to html using angularjs $sanitize
- angularjs sanitize to remove only JS