Steve D
Reputation: 617
Sanitizing CSS with Angular's DomSanitizer
I want to sanitize some CSS before I inject it into a <style> tag in the <head> of my app.
I am passing it through the DomSanitizer like this:
const safeCSS = this.domSanitzer.sanitize(SecurityContext.STYLE, css);
But I am getting this error message in the console, which thinks my CSS is unsafe.
WARNING: sanitizing unsafe style value [MY_CSS_HERE]
I want to understand why Angular thinks my CSS is unsafe.
I've put my CSS on codepen as it's quite large, but really simple.
See https://codepen.io/stevedeighton/pen/OvgLVb
Any ideas?
Thanks!
Upvotes: 3
Views: 5160
Answers (1)
Efe
Reputation: 5796
You should use bypassSecurityTrustStyle(value: string) instead of sanitize().
Here is the example.
Upvotes: 1
Related Questions
- Style is not applied after sanitization and [innerHTML]
- Why are css rules not being applied to dom sanitized angular strings injected into html?
- Angular 8 DomSanitizer whitelist?
- Unable to bypass angular sanitize security
- Angular dom sanitize not working correctly
- Replace $sanitize implementation in angular with DOMPurify?
- Angular, DomSanitizer, bypassSecurity script
- Angular 2 DomSanitizer: Cannot trust both HTML and CSS without also allowing JavaScript
- Sanitize untrusted CSS using Angular $sce.getTrustedCss
- Is there a safe workaround to Angular 2's style attribute sanitization?