如何以角度清理 html 以避免 XSS 漏洞
[英]How to sanitize html in angular for avoiding XSS vulnerabilities
问题描述
Getting XSS vulnerabilities while accessing API call and accessing in HTML page.
在访问 API 调用和访问 HTML 页面时获取 XSS 漏洞。 Tried with DOM sanitizer with url and Sanitized html as well, still getting XSS Cross site scripting issues.尝试使用 DOM sanitizer with url 和 Sanitized html,仍然遇到 XSS 跨站点脚本问题。 Tried with below way.用下面的方法试过。 Please correct me if anything is wrong and suggest me the solution.如果有任何问题,请纠正我并建议我解决方案。
const dataUrl = this.domSanitizer.sanitize(
SecurityContext.RESOURCE_URL,
this.domSanitizer.bypassSecurityTrustResourceUrl(
'https://raw.githubusercontent.com/l-lin/angular-datatables/master/demo/src/data/data.json'
)
);
html: html:
<td [innerHTML]="person.id | sanitizeHtml"></td>
<td [innerHTML]="person.firstName | sanitizeHtml"></td>
<td [innerHTML]="person.lastName | sanitizeHtml"></td>
2 个解决方案
解决方案1
0 2021-10-28 14:05:04
Are these HTML type string you are putting in here?这些是您要放在这里的 HTML 类型字符串吗? if they are normal string that don't contain HTML content then you should use the normal syntax with curly braces.如果它们是不包含 HTML 内容的普通字符串,那么您应该使用带花括号的普通语法。
<td>{{ person.id }}</td>
<td>{{ person.firstName }}</td>
<td>{{ person.lastName }}</td>
解决方案2
-1 2021-10-28 13:54:37
You can use innerText instead of innerHTML to solve this issue :).您可以使用innerText而不是innerHTML来解决这个问题:)。
Your HTML will look like this:您的 HTML 将如下所示:
<td [innerText]="person.id"></td>
<td [innerText]="person.firstName"></td>
<td [innerText]="person.lastName"></td>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.