Angularjs ng-bind-html-unsafe replacement
[英]Angularjs ng-bind-html-unsafe replacement
问题描述
I used to be able to use ng-bind-html-unsafe to output unsanitized code (because sanitization happens serverside). 
我以前能够使用ng-bind-html-unsafe输出未经过处理的代码(因为sanitization发生在服务器端)。
But now that option is gone? 但现在这个选择消失了吗? I know I can use $sce.trustAsHtml but adding that to the JavaScript all over the place is a huge pain when unsafe was so easy to use. 我知道我可以使用$sce.trustAsHtml但是当不安全易于使用时,将它添加到整个地方的JavaScript是一个巨大的痛苦。
How do I get unsafe back? 我怎么得到不安全的回复?
4 个解决方案
解决方案1
22 2014-02-24 04:50:49
Simpler again. 再简单一点。
App.filter('unsafe', ['$sce', function ($sce) {
return function (val) {
return $sce.trustAsHtml(val);
};
}]);
Usage: 用法:
<any ng-bind-html="content | unsafe"></any>
For more on html binding check the docs here. 有关html绑定的更多信息,请查看此处的文档。
Just a warning: make sure you actually trust the html, or you could be opening a hole in your sites security. 只是一个警告:确保您真正信任html,或者您可能在您的网站安全性中打开一个漏洞。
解决方案2
17 已采纳 2013-09-21 00:04:41
Well, it's quite simple to just create your own directive, here is an example. 好吧,创建自己的指令非常简单,这是一个例子。
Directive : 指令 :
app.directive('bindHtmlUnsafe', function( $compile ) {
return function( $scope, $element, $attrs ) {
var compile = function( newHTML ) { // Create re-useable compile function
newHTML = $compile(newHTML)($scope); // Compile html
$element.html('').append(newHTML); // Clear and append it
};
var htmlName = $attrs.bindHtmlUnsafe; // Get the name of the variable
// Where the HTML is stored
$scope.$watch(htmlName, function( newHTML ) { // Watch for changes to
// the HTML
if(!newHTML) return;
compile(newHTML); // Compile it
});
};
});
Usage : 用法 :
<div bind-html-unsafe="testHTML"></div>
Demo: http://jsfiddle.net/cC5VZ/2 演示: http : //jsfiddle.net/cC5VZ/2
解决方案3
1 2014-02-08 03:12:13
Simplest way, without $sce: 最简单的方法,没有$ sce:
module.directive('html', function() {
function link(scope, element, attrs) {
var update = function() {
element.html(scope.html);
}
attrs.$observe('html', function(value) {
update();
});
}
return {
link: link,
scope: {
html: '='
}
};
});
How to use: 如何使用:
<div html="angular.variable"></div>
解决方案4
0 2014-08-13 19:10:03
I would strongly recommend checking out this SIMPLE JSFiddle example. 我强烈建议您查看这个SIMPLE JSFiddle示例。 Was a lifesaver: 是一个救星:
http://jsfiddle.net/cC5VZ/2/ http://jsfiddle.net/cC5VZ/2/
<div ng-app="ngBindHtmlExample">
<div ng-controller="ngBindHtmlCtrl">
<p ng-bind-html="myHTML" compile-template></p>
</div>
</div>
var app = angular.module('app', []);
app.controller('testApp', function( $scope ) {
$scope.testHTML = '<h1> Welcome :) </h1>';
});
app.directive('bindHtmlUnsafe', function( $parse, $compile ) {
return function( $scope, $element, $attrs ) {
var compile = function( newHTML ) {
newHTML = $compile(newHTML)($scope);
$element.html('').append(newHTML);
};
var htmlName = $attrs.bindHtmlUnsafe;
$scope.$watch(htmlName, function( newHTML ) {
if(!newHTML) return;
compile(newHTML);
});
};
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.