[英]filter user input in angularjs
I built something in angular using ng-repeat 我使用ng-repeat在angular中构建了一些东西
<ul class="messages">
<li ng-repeat="e in enquiries">
<img src="/img/avatar.jpg" alt="">
<div>
<div>
<h5>{{e.user}}</h5>
<span class="time"><i class="fa fa-clock-o"></i> {{e.created_at}}</span>
</div>
<p>{{e.post}}</p>
<div ng-if="e.is_replied == 'no'"><a href="/hub/delete">Delete</a></div>
</div>
</li>
</ul>
This is to display the inputs by users. 这是为了显示用户的输入。 However i did not
htmlentities
to encode the user input but directly insert the user input into database such as <a href="jscode">Hack</a>
However i notice when i display this message using above code. 但是,我没有
htmlentities
来编码用户输入,而是直接将用户输入插入数据库,例如<a href="jscode">Hack</a>
但是,当我使用上述代码显示此消息时,我注意到了。 it will still display the message as <a href="jscode">Hack</a>
instead of display a " hack
" link. 它将仍显示为
<a href="jscode">Hack</a>
消息,而不是显示“ hack
”链接。 can i say in this case angular will auto sanitize the input? 我可以说在这种情况下,角度将自动清除输入吗? Should i still need to use "ng-bind-html"?
我是否仍需要使用“ ng-bind-html”?
If your post content is HTML you will need to change to ng-bind-html: 如果您的帖子内容是HTML,则需要更改为ng-bind-html:
<p ng-bind-html="e.post | to_trusted"></p>
Also you will need a filter to sanitize: 另外,您将需要一个过滤器来清理:
app.filter('to_trusted', ['$sce', function ($sce) {
return function (text) {
return $sce.trustAsHtml(text);
};
}])
Your best bet is the $sanitize service, part of the ngSanitize
module. 最好的选择是$ sanitize服务,它是
ngSanitize
模块的一部分。 Use the ng-bind-html
directive, which automatically uses $sanitize
. 使用
ng-bind-html
指令,该指令自动使用$sanitize
。 ng-bind-html
will insert your text as raw HTML, but only if it's in the ngSanitize
white list of safe HTML. ng-bind-html
会将您的文本插入为原始HTML,但ngSanitize
是该ngSanitize
位于安全HTML的ngSanitize
白名单中。 If you're absolutely sure the HTML is safe (eg, if you sanitize it on the back end), there's a way to tell Angular to stuff it in as is, regardless of the white list. 如果您绝对确定HTML是安全的(例如,如果在后端对其进行了清理),则有一种方法可以告诉Angular将其原样填充,而不管白名单如何。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.