[英]DOM sanitize function is not escaping the text that user entered
试图使用 Angular 清理 API 与用户在 angular 表单中输入的用户输入。 但是 Angular 的Sanitize()不是 escaping 输入的输入。
.ts
export class AppComponent {
userName = 'Angular';
constructor(private domSanitizer: DomSanitizer) {}
onSave(): void {
console.log('save clicked api call');
this.sanitizeUserName();
}
sanitizeUserName(): string {
const domSanitize = this.domSanitizer.sanitize(1, this.userName);
console.log('sanitized text/html', domSanitize);
return domSanitize;
}
}
.html
<form #userForm="ngForm">
<label>Username: </label>
<input type="text" [(ngModel)]="userName" name="username" />
<div>
<span>View : </span>
<div [innerHTML]="userName"></div>
</div>
<br />
<br />
<button type="button" (click)="onSave()">Save</button>
</form>
请在此处找到实时示例。 在component.ts中,我添加了一些示例来验证输入是否经过清理。
如果有人可以帮助我。
清理方法模型是:
sanitize(context: SecurityContext, value: SafeValue | string | null): string | null;
和 SecurityContext model 是:
enum SecurityContext {
NONE = 0,
HTML = 1,
STYLE = 2,
SCRIPT = 3,
URL = 4,
RESOURCE_URL = 5
}
所以看来你应该为 SecurityContext 使用第一名
sanitizeUserName(): string {
const domSanitize = this.domSanitizer.sanitize(1, this.userName);
console.log('sanitized text/html', domSanitize);
return domSanitize;
}
DOM 清理 function 不是 escaping 用户输入的文本
[英]DOM sanitize function is not escaping the text that user entered
如何清除用户输入的文本,以便可以在Javascript / JSON中使用它?
[英]How to sanitize user input text so that it can be used in Javascript/JSON?
如何获取值用户输入的html文本表单字段传递给javascript函数?
[英]How to get value user entered into html text form field passed to javascript function?
在DOM模型/ JavaScript中,文本框和输入到其中的值之间是否有区别?
[英]In the DOM model/JavaScript , Is there a difference between a a text box and the value entered into it?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.