[英]Angular2: making an iframe src safe using a directive
我試圖將經過清理的src屬性應用於iframe,直接可以正常工作,但是當將其全部放入屬性指令中時,它拒絕玩球。 這是指令代碼,以及出現的錯誤信息
import { OnInit, Directive, ElementRef, Input, Renderer } from '@angular/core';
import { DomSanitizer, SafeResourceUrl} from '@angular/platform-browser';
@Directive({
selector: '[resume]'
})
export class ResumeDirective implements OnInit {
@Input('resume') inputLink: string;
constructor(private _sanitizer: DomSanitizer, private el: ElementRef, private render: Renderer) {
}
ngOnInit(): void {
let _url: string = this.inputLink + '#zoom=100';
let resumeUrl: SafeResourceUrl = this._sanitizer.bypassSecurityTrustResourceUrl(_url);
// this.el.nativeElement.src = resumeUrl.toString(); // same result
this.render.setElementProperty(this.el.nativeElement, 'src', _url);
// using 'srcdoc' or setElementAttribute brings same results
}
}
我收到錯誤消息: SafeValue must use [property]=binding: /theurl/x.pdf#zoom=100 (see http://g.co/ng/security#xss)
您可以嘗試@HostBinding()
-雖然不確定是否可以工作
@Directive({
selector: '[resume]'
})
export class ResumeDirective implements OnInit {
@Input('resume') inputLink: string;
constructor(private _sanitizer: DomSanitizer, private el: ElementRef, private render: Renderer) {
}
@HostBinding('src')
resumeUrl:any;
ngOnInit(): void {
let _url: string = this.inputLink + '#zoom=100';
this.resumeUrl = this._sanitizer.bypassSecurityTrustResourceUrl(_url);
}
}
this.render.setElementProperty
並不關心已凈化的值,它僅調用DOM API並按原樣傳遞已凈化的值。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.