Reputation: 311
Angular2 dynamically insert script tag
I'm getting from server content into json object field, where it is html, <style></style> and <script></script> tags, and I want to execute it like this:
[innerHtml]="content | sanitize", but <script></script> tags do not execute. Is it possible to make it work?
My sanitize pipe looks like this:
import {Pipe} from '@angular/core';
import {DomSanitizationService} from '@angular/platform-browser';
@Pipe({
name: 'sanitize',
pure: true
})
export class Sanitize {
constructor(private sanitizer: DomSanitizationService) {
}
transform(html: string) {
return this.sanitizer.bypassSecurityTrustHtml(html);
}
}
I know, that there is bypassSecurityTrustScript function in DomSanitizationService, but how can I use it in my case?
Upvotes: 8
Views: 10372
Answers (3)
Reputation: 1321
This will solve the issue...
import { Pipe } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
@Pipe({
name: 'sanitize',
pure: true
})
export class Sanitize {
constructor(private domSanitizer: DomSanitizer) { }
handleExternalScriptsInHtmlString(string) {
let that = this;
var parser = new DOMParser();
var scripts = parser.parseFromString(string, 'text/html').getElementsByTagName('script');
var results = [];
for (var i = 0; i < scripts.length; i++) {
var src = scripts[i].getAttribute('src');
if (src.length && results.indexOf(src) === -1) {
results.push(src);
that.addScript(src);
}
}
return results;
}
addScript(src) {
var script = document.createElement('script');
script.setAttribute('src', src);
document.body.appendChild(script);
}
transform(htmlContent: any) {
let sanitizeHtmlContent = this.domSanitizer.bypassSecurityTrustHtml(htmlContent);
this.handleExternalScriptsInHtmlString(htmlContent);
return sanitizeHtmlContent;
}
}
Upvotes: 2
Reputation: 1321
There is no angular way... You need to do it like this....
import { Pipe } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
@Pipe({
name: 'sanitize',
pure: true
})
export class Sanitize {
constructor(private domSanitizer: DomSanitizer) { }
handleExternalScriptsInHtmlString(string) {
let that = this;
var parser = new DOMParser();
var scripts = parser.parseFromString(string, 'text/html').getElementsByTagName('script');
var results = [];
for (var i = 0; i < scripts.length; i++) {
var src = scripts[i].getAttribute('src');
if (src.length && results.indexOf(src) === -1) {
results.push(src);
that.addScript(src);
}
}
return results;
}
addScript(src) {
var script = document.createElement('script');
script.setAttribute('src', src);
document.body.appendChild(script);
}
transform(htmlContent: any) {
let sanitizeHtmlContent = this.domSanitizer.bypassSecurityTrustHtml(htmlContent);
this.handleExternalScriptsInHtmlString(htmlContent);
return sanitizeHtmlContent;
}
}
Upvotes: 1
Reputation: 311
It's not an angular 2's problem, script tags inserted via innerHTML are not executed.
If you have html string that contains script tags insert it this way:
const fragment = document.createRange().createContextualFragment(yourHtmlString);
anyElement.appendChild(fragment);
Upvotes: 27
Related Questions
- How to embed a script tag into Angular component
- Angular 2 how to execute script tag from innerHTML
- Need to insert Script tag in angular 2
- Angular 5 adding html content dynamically
- Angular 2 dynamically create html tag
- Angular add .js script to service
- How to adapt script tag to Angular?
- How to embed a script tag in an angular component?
- Angular2 add HTML to dynamic elements
- Add script tag inside html in angularjs