我正在使用 DomSanitizer 函数 bypassSecurityTrustHtml() 进行消毒。
The value is stored in a changingThisBreaksApplicationSecurity
property. Which probably says enough to not use it.
const safeHtml = this.domSanitizer.bypassSecurityTrustHtml('<div>hello</div>');
const html = safeHtml['changingThisBreaksApplicationSecurity'];
// html === <div>hello</div>;
However, you should only use the sanitizer and the value returned inside your template:
<div [innerHTML]="safeHtml"></div>
Now the div will have the contents of the html passed into the bypassSecurityTrustHtml
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.