猿问

如何使用$sce.TrustAsHtml(String)复制ng-bind-html-角1.2+中

如何使用$sce.TrustAsHtml(String)复制ng-bind-html-角1.2+中的不安全

ng-bind-html-unsafe移除角1.2

我在努力实现我需要使用的东西ng-bind-html-unsafe..在文档和GitHub提交文件中,他们说:

Ng-bind-html提供了ng-html-绑定-不安全的类似行为(innerHTML的结果没有卫生化),当绑定到$sce.TrustAsHtml(String)的结果时。

你怎么做到的?


慕村225694
浏览 1015回答 3
3回答

largeQ

这应该是:<div&nbsp;ng-bind-html="trustedHtml"></div>加上你的控制器:$scope.html&nbsp;=&nbsp;'<ul><li>render&nbsp;me&nbsp;please</li></ul>';$scope.trustedHtml&nbsp;=&nbsp;$sce.trustAsHtml($scope.html);而不是旧的语法,您可以在其中引用$scope.html直接变量:<div&nbsp;ng-bind-html-unsafe="html"></div>正如几位评论者所指出的,$sce必须在控制器中注入,否则您将得到$sce undefined错误。&nbsp;var&nbsp;myApp&nbsp;=&nbsp;angular.module('myApp',[]); &nbsp;myApp.controller('MyController',&nbsp;['$sce',&nbsp;function($sce)&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp;//&nbsp;...&nbsp;[your&nbsp;code] &nbsp;}]);

守着一只汪

滤光器app.filter('unsafe',&nbsp;function($sce)&nbsp;{&nbsp;return&nbsp;$sce.trustAsHtml;&nbsp;});使用<ANY&nbsp;ng-bind-html="value&nbsp;|&nbsp;unsafe"></ANY>

qq_笑_17

就我个人而言,在进入数据库之前,我使用一些PHP库对所有数据进行净化,因此我不需要再使用XSS过滤器。来自AngularJS 1.0.8directives.directive('ngBindHtmlUnsafe',&nbsp;[function()&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;function(scope,&nbsp;element,&nbsp;attr)&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;element.addClass('ng-binding').data('$binding',&nbsp;attr.ngBindHtmlUnsafe); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;scope.$watch(attr.ngBindHtmlUnsafe,&nbsp;function&nbsp;ngBindHtmlUnsafeWatchAction(value)&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;element.html(value&nbsp;||&nbsp;''); &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}); &nbsp;&nbsp;&nbsp;&nbsp;}}]);使用:<div&nbsp;ng-bind-html-unsafe="group.description"></div>禁用$sce:app.config(['$sceProvider',&nbsp;function($sceProvider)&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp;$sceProvider.enabled(false);}]);
随时随地看视频慕课网APP
我要回答