DOM 清理 function 不是 escaping 用户输入的文本
[英]DOM sanitize function is not escaping the text that user entered
问题描述
Was trying to use Angular Sanitize API with the user input entered by the user inside angular form.
试图使用 Angular 清理 API 与用户在 angular 表单中输入的用户输入。
But the Angular's Sanitize() is not escaping the input entered.但是 Angular 的Sanitize()不是 escaping 输入的输入。
.ts .ts
export class AppComponent {
userName = 'Angular';
constructor(private domSanitizer: DomSanitizer) {}
onSave(): void {
console.log('save clicked api call');
this.sanitizeUserName();
}
sanitizeUserName(): string {
const domSanitize = this.domSanitizer.sanitize(5, this.userName);
console.log('sanitized text/html', domSanitize);
return domSanitize;
}
}
.html .html
<form #userForm="ngForm">
<label>Username: </label>
<input type="text" [(ngModel)]="userName" name="username" />
<div>
<span>View : </span>
<div [innerHTML]="userName"></div>
</div>
<br />
<br />
<button type="button" (click)="onSave()">Save</button>
</form>
Please find the live example Here In the File I have provided below examples to verify if the input is sanitized or not.请在此处找到实时示例在我提供的以下示例中的文件中,以验证输入是否经过消毒。 I tried using input inside angular form as displayed in the below link as an example code.我尝试在 angular 表单中使用输入,如下面的链接所示作为示例代码。
1 个解决方案
解决方案1
0 2022-09-06 04:46:03
Maybe add js script below html body也许在 html 正文下面添加 js 脚本
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.