Reputation: 357
Unable to bypass angular sanitize security
I have a wysiwyg editor (angular-editor):
<angular-editor [(ngModel)]="code" name="code"></angular-editor>
Below the editor I'm trying to use ngx-highlightjs:
<pre>
<code [highlight]="code" [lineNumbers]="true"></code>
</pre>
So, when I type in editor something like <p>test</p>, I'd like code (ngModel) be <p>test</p> instead <p>test</p> so it become highlighted in <code></code>.
I've tryed using a pipe:
transform(html: string): SafeHtml {
return this.sr.bypassSecurityTrustHtml(html);
}
It's not working and anyway the value can be HTML, JS, any language and probably multiple language so I cannot bypass both HTML and JS (I guess it because there are trustHTML and trustScript methods).
So, how code can be <p>test</p> (the answer should not cover only HTML by pass but any language, either <script>...</script>) instead <p>test</p>?
I think I cannot use DomSanitizer class because it cover HTML or Script, not both.
NB: I don't even care about security, only I will use the app.
Upvotes: 1
Views: 1144
Answers (1)
Related Questions
- Angular 2, DomSanitizer, bypassSecurityTrustHtml, SVG
- Angular bypassSecurityTrustResourceUrl not working as expected
- Angular 8 DomSanitizer whitelist?
- Angular DomSanitizer - SecurityContext.NONE
- Angular dom sanitize not working correctly
- Angular bypassSecurityTrustResourceUrl saying any argument is undefined
- Angular, DomSanitizer, bypassSecurity script
- Angular 5 bypassSecurityTrustUrl is not working
- Sanitizing CSS with Angular's DomSanitizer
- bypasssecuritytrust from DomSanitizer not working (Angular 2)