John Henckel
Reputation: 11357
How to undo bypassSecurityTrustHtml, i.e convert SafeValue back to string
I am generating html, and inserting it into my web page using
let data = '<font color=blue>hello world</font>';
this.safevalue = this.domSanitizer.bypassSecurityTrustHtml(data);
Elsewhere in my code I want to convert the safe value back into a string, so I tried this...
data = this.safevalue.toString();
but this sets data to a string like this...
'SafeValue must use [property]=binding: (see http://g.co/ng/security#xss)'
which is not helpful
Upvotes: 7
Views: 4280
Answers (2)
DeBorges
Reputation: 740
I don't know if you already found a fix for this, but, if you just want the original value, marked as safe:
var yourString = this.domSanitizer.sanitize(SecurityContext.HTML, data)
Upvotes: 14
John Henckel
Reputation: 11357
I've dug through the source code and it appears that it is not possible to get the original string from a SafeValue. So I guess I'll have to keep parallel data array for all the unsafe values.
Upvotes: 0
Related Questions
- Angular bypassSecurityTrustResourceUrl not working as expected
- bypassSecurityTrustHtml disables anchor tag while displaying html using [innerHtml]
- bypassSecurityTrustHtml and bypassSecurityTrustScript in Angular2 with JavaScript
- Sanitizing scripts with bypassSecurityTrustStyle in Angular
- Angular bypassSecurityTrustResourceUrl saying any argument is undefined
- How to get the sanitized value (the html string) from SafeHtml object?
- bypasssecuritytrust from DomSanitizer not working (Angular 2)
- The using of bypassSecurityTrustHtml seems to break hyperlink
- Angular 2 - bypasscecurity
- sanitizing unsafe URL value javascript