I use <div [innerHTML]="body"></div> to pass unescaped HTML to my template, and when I pass to body a div with attribute id, Angular throws:
WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).
WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).
WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).
So why does it say this? What can be dangerous about id in a div? Could this be a bug?
A simple solution is to write a pipe like:
import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';

@Pipe({
  name: 'sanitizeHtml'
})
export class SanitizeHtmlPipe implements PipeTransform {
  constructor(private _sanitizer: DomSanitizer) {
  }

  // Marks the value as trusted HTML, so Angular does not sanitize it
  // when it is bound to [innerHTML].
  transform(v: string): SafeHtml {
    return this._sanitizer.bypassSecurityTrustHtml(v);
  }
}
Then, in your HTML file, add the pipe like:
<td *ngIf="i>0" [innerHTML]="entry.attributes[i] | sanitizeHtml"></td>
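Because bypassSecurityTrustHtml() switches Angular's sanitizing off for the value, the following is an added example (not code from the question or the answer) of an allowlist scrub that keeps id attributes but drops script-capable markup before the value is trusted. The names ElLike, scrub, fake and the allowlists are assumptions made for this example; in a pipe you would parse the string with new DOMParser().parseFromString(v, 'text/html'), call scrub() on its body, and pass body.innerHTML to bypassSecurityTrustHtml().

```typescript
// Hypothetical minimal view of a DOM Element (a real Element satisfies it).
interface ElLike {
  tagName: string;
  attributes: ArrayLike<{ name: string; value: string }>;
  children: ArrayLike<ElLike>;
  removeAttribute(name: string): void;
  remove(): void;
}

// Assumed allowlists for this example; extend them to what the content needs.
const ALLOWED_TAGS = new Set(['DIV', 'SPAN', 'P', 'B', 'I', 'EM', 'STRONG', 'UL', 'OL', 'LI', 'BR']);
const ALLOWED_ATTRS = new Set(['id', 'class', 'title']);
const SAFE_ID = /^[A-Za-z][A-Za-z0-9_-]*$/; // plain identifiers only

// Removes, in place, all non-allowlisted descendants and attributes; returns a log.
function scrub(root: ElLike): string[] {
  const dropped: string[] = [];
  for (const child of Array.from(root.children)) { // copy: the tree is mutated below
    const tag = child.tagName.toLowerCase();
    if (!ALLOWED_TAGS.has(tag.toUpperCase())) {
      dropped.push(`<${tag}>`);
      child.remove(); // drops the whole subtree
      continue;
    }
    for (const attr of Array.from(child.attributes)) {
      const name = attr.name.toLowerCase();
      if (!ALLOWED_ATTRS.has(name) || (name === 'id' && !SAFE_ID.test(attr.value))) {
        dropped.push(`${tag}[${name}]`);
        child.removeAttribute(attr.name);
      }
    }
    dropped.push(...scrub(child));
  }
  return dropped;
}

// Constructed stand-in for a parsed tree, so the example runs without a browser.
function fake(tagName: string, attrs: { [k: string]: string }, kids: ElLike[] = []): ElLike {
  const node: any = { tagName, children: kids };
  node.attributes = Object.keys(attrs).map((name) => ({ name, value: attrs[name] }));
  node.removeAttribute = (n: string) => { node.attributes = node.attributes.filter((a: any) => a.name !== n); };
  node.remove = () => { node.parent.children = node.parent.children.filter((c: any) => c !== node); };
  kids.forEach((k: any) => { k.parent = node; });
  return node;
}

// Constructed sample: <div id="intro" onclick="..."><script></script><span id="x y"></span></div>
const inner = [fake('SCRIPT', {}), fake('SPAN', { id: 'x y' })];
const sample = fake('BODY', {}, [fake('DIV', { id: 'intro', onclick: 'doSomething()' }, inner)]);
console.log(scrub(sample)); // [ 'div[onclick]', '<script>', 'span[id]' ]
```

The returned log lets you report what was stripped, much as Angular's own warning does.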