I used to be able to use ng-bind-html-unsafe
to output unsanitized code (because sanitization happens serverside).
But now that option is gone? I know I can use $sce.trustAsHtml
but adding that to the JavaScript all over the place is a huge pain when unsafe was so easy to use.
How do I get unsafe back?
Simpler again.
App.filter('unsafe', ['$sce', function ($sce) {
return function (val) {
return $sce.trustAsHtml(val);
};
}]);
Usage:
<any ng-bind-html="content | unsafe"></any>
For more on html binding check the docs here.
Just a warning: make sure you actually trust the html, or you could be opening a hole in your sites security.