如何在调用 API 时使用 DOMSANITIZER(bypassSecurityTrustUrl)
[英]How to use DOMSANITIZER(bypassSecurityTrustUrl) while calling the API
问题描述
Getting XSS vulnerabilities while calling the API for fetching the data.
在调用 API 以获取数据时获取 XSS 漏洞。 So trying to add DOMSANITIZER , but its failing.所以试图添加DOMSANITIZER ,但它失败了。 Tried below code, please suggest me the solution.试过下面的代码,请给我建议解决方案。
this.http.get(this.domSanitizer.bypassSecurityTrustUrl(dataUrl),{headers:headers}).subscribe(response => {
this.persons = response.data.map(x=>({...x,check:false,test:x.firstName}));
this.dtTrigger.next();
});
1 个解决方案
解决方案1
1 已采纳 2021-10-27 23:53:32
You can use DOMSANITIZER while using the API in following way.您可以通过以下方式在使用 API 时使用 DOMSANITIZER。
- Import these:导入这些:
import { Component, OnInit, ViewChild, SecurityContext, } from '@angular/core'; import {DomSanitizer} from '@angular/platform-browser';
- Use this below code in your project where you are using this:在您使用它的项目中使用以下代码:
const dataUrl = this.domSanitizer.sanitize( SecurityContext.RESOURCE_URL, this.domSanitizer.bypassSecurityTrustResourceUrl( 'https://raw.githubusercontent.com/l-lin/angular-datatables/master/demo/src/data/data.json' ) ); this.http.get(dataUrl).subscribe((response) => { this.persons = response.data.map((x) => ({ ...x, check: false, test: x.firstName, })); this.dtTrigger.next(); });
Important:重要的:
This code is working on your stackblitz url.此代码适用于您的 stackblitz 网址。
I have also save it and you can go there to check it.我也保存了,你可以去那里查看。 https://stackblitz.com/edit/column-names-as-tooltip-wcw1f7?file=app%2Fapp.component.ts https://stackblitz.com/edit/column-names-as-tooltip-wcw1f7?file=app%2Fapp.component.ts
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.