6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Angular ng-bind-html not sanitizing apostrophe\",\"text\":\"

I'm using ng-bind-html to sanitize HTML in a directive template:

\\n\\n

<h2><a href=\\\"{{ post.url }}\\\" ng-bind-html=\\\"post.title\\\"></a></h2>\\n

\\n\\n

The compiled output is correct, with one exception, it's not sanitizing the HTML apostrophe which is being printed as â€tm. The page is encoded as charset='utf-8'.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Foreign Object\"},\"upvoteCount\":1,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

ng-bind-html does a lot for your needs, but to go beyond the basic you should investigate the $sce service

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Steve Davis\"},\"upvoteCount\":0}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","javascript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/javascript/1","children":"javascript"}]}],["$","span","html",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/html/1","children":"html"}]}],["$","span","angularjs",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/angularjs/1","children":"angularjs"}]}],["$","span","ng-bind-html",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ng-bind-html/1","children":"ng-bind-html"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/Ujypx.jpg?s=256","alt":"Foreign Object","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1660616/foreign-object","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Foreign Object"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1640]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Angular ng-bind-html not sanitizing apostrophe"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I'm using ng-bind-html to sanitize HTML in a directive template:

\n\n

<h2><a href=\"{{ post.url }}\" ng-bind-html=\"post.title\"></a></h2>\n

\n\n

The compiled output is correct, with one exception, it's not sanitizing the HTML apostrophe which is being printed as â€tm. The page is encoded as charset='utf-8'.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",1650]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","21611520",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/b83b05bb43f4342c2d658be6ef725c2a?s=256&d=identicon&r=PG","alt":"Steve Davis","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/21131/steve-davis","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Steve Davis"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",716]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

ng-bind-html does a lot for your needs, but to go beyond the basic you should investigate the $sce service

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}],["$","div","21615868",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/7206cae5d96bb90cbd617380b85f3128?s=256&d=identicon&r=PG","alt":"bbahov","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1950014/bbahov","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"bbahov"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",109]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

I'm not really sure if I understand your question but why don't try escaping the appostrophe with slash? Like

\n\n

\\\"\n

\n\n

\\'\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","26388875",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26388875","className":"text-blue-600 hover:underline","children":"ng-bind-html - with angular-sanitize - throws error in console"}]}],["$","li","14726938",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/14726938","className":"text-blue-600 hover:underline","children":"Angular sanitize / ng-bind-html not working?"}]}],["$","li","33432876",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/33432876","className":"text-blue-600 hover:underline","children":"Angular ng-bind-html / sanitize does not work"}]}],["$","li","40788937",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40788937","className":"text-blue-600 hover:underline","children":"ng-bind-html not working with my $scope.variable"}]}],["$","li","22967475",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/22967475","className":"text-blue-600 hover:underline","children":"AngularJS - HTML in JS - Escaping single quote"}]}],["$","li","40085697",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40085697","className":"text-blue-600 hover:underline","children":"rendering ng-bind with extra characters in the expression"}]}],["$","li","19264586",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19264586","className":"text-blue-600 hover:underline","children":"Escaping & > characters in ng-bind in AngularJs"}]}],["$","li","22506371",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/22506371","className":"text-blue-600 hover:underline","children":"Cannot make Angular sanitize / ng-bind-html to work"}]}],["$","li","19145785",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19145785","className":"text-blue-600 hover:underline","children":"Angular ng-bind-html-unsafe expression"}]}],["$","li","17228041",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17228041","className":"text-blue-600 hover:underline","children":"ng-bind-html-unsafe not parsing html in angularjs"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Angular ng-bind-html not sanitizing apostrophe

Answers (2)

Related Questions