Reputation: 51
Angular dom sanitize not working correctly
I used angular dom sanitizer to get html from a text area. It works perfectly for the first time after rendering the whole project, but the second time after revisit the component I got this message:
SafeValue must use [property]=binding: My text (see http://g.co/ng/security#xss).
I already pass the content with property binding using the inner-html property
const desc=this.sanitizer.bypassSecurityTrustHtml(this.ticket.description);
this.ticket.description = desc;
<p class="desc" [innerHTML]="ticket.description"></p>
I expected my plain text but i got that output described above.
Upvotes: 1
Views: 1581
Answers (2)
Reputation: 1
binding method in html leads to lot of ambiguity as follow. that method keeps on hitting by html, in your case in ngOninit it is working fine that means your logic is working fine , now write same logic in ngonchanges(keep it in ngonint too) it will work fine
<p class="desc" [innerHTML]="sanitizer.bypassSecurityTrustStyle(ticket.description)"></p>Upvotes: 0
Reputation: 135
you can bind directly like below:
<p class="desc" [innerHTML]="sanitizer.bypassSecurityTrustStyle(ticket.description)"></p>
Upvotes: 1
Related Questions
- Unexpected behavior when sanitizing unsafe URLs?
- Angular DomSanitizer: Sanitizing Mask-Image Not Working
- Why are css rules not being applied to dom sanitized angular strings injected into html?
- Angular Dom Sanitizer HTML cannot copy text
- Unable to bypass angular sanitize security
- Angular, DomSanitizer, bypassSecurity script
- Sanitizing CSS with Angular's DomSanitizer
- Angular sanitize / ng-bind-html not working?
- Angular2 innerHTML removes property, help needed to use DomSanitizer
- Cannot make Angular sanitize / ng-bind-html to work