发表新帖
发表新帖

:

后端 未结
关注
9 1181
情深已故
情深已故 2020-11-27 12:54

Since upgrading to the latest Angular 2 release candidate, my img tags:
相关标签:
9条回答
  • 离开以前
    2020-11-27 13:15

    Either you can expose sanitizer to the view, or expose a method that forwards the call to bypassSecurityTrustUrl

    <img class='photo-img' [hidden]="!showPhoto1" 
    [src]='sanitizer.bypassSecurityTrustUrl(theMediaItem.photoURL1)'>
    0 讨论(0)
  • 栀梦
    2020-11-27 13:16

    I'm using rc.4 and this method works for ES2015(ES6):

    import {DomSanitizationService} from '@angular/platform-browser';

@Component({
  templateUrl: 'build/pages/veeu/veeu.html'
})
export class VeeUPage {
  static get parameters() {
    return [NavController, App, MenuController, DomSanitizationService];
  }

  constructor(nav, app, menu, sanitizer) {

    this.app = app;
    this.nav = nav;
    this.menu = menu;
    this.sanitizer = sanitizer;    
  }

  photoURL() {
    return this.sanitizer.bypassSecurityTrustUrl(this.mediaItems[1].url);
  }
}

    In the HTML:

    <iframe [src]='photoURL()' width="640" height="360" frameborder="0"
    webkitallowfullscreen mozallowfullscreen allowfullscreen>
</iframe>

    Using a function will ensure that the value doesn't change after you sanitize it. Also be aware that the sanitization function you use depends on the context.

    For images, bypassSecurityTrustUrl will work but for other uses you need to refer to the documentation:

    https://angular.io/docs/ts/latest/api/platform-browser/index/DomSanitizer-class.html

    0 讨论(0)
  • 独厮守ぢ
    2020-11-27 13:21 
    import {DomSanitizationService} from '@angular/platform-browser';
@Component({
 templateUrl: 'build/pages/veeu/veeu.html'
 })
  export class VeeUPage {
     trustedURL:any;
      static get parameters() {
               return [NavController, App, MenuController, 
              DomSanitizationService];
        }
      constructor(nav, app, menu, sanitizer) {
        this.app = app;
        this.nav = nav;
        this.menu = menu;
        this.sanitizer = sanitizer;  
        this.trustedURL  = sanitizer.bypassSecurityTrustUrl(this.mediaItems[1].url);
        } 
 }



 <iframe [src]='trustedURL' width="640" height="360" frameborder="0"
   webkitallowfullscreen mozallowfullscreen allowfullscreen>
</iframe>


User property binding instead of function.
    0 讨论(0)
  • 太阳男子
    2020-11-27 13:26

    Use Safe Pipe to fix it.

    • Create a safe pipe if u haven't any.

      ng g c pipe safe

    • add Safe pipe in app.module.ts

      declarations: [ SafePipe ]

    • declare safe pipe in your ts

    Import Dom Sanitizer and Safe Pipe to access url safely

    import { Pipe, PipeTransform} from '@angular/core';
import { DomSanitizer } from "@angular/platform-browser";

@Pipe({ name: 'safe' })

export class SafePipe implements PipeTransform {

constructor(private sanitizer: DomSanitizer) { }
transform(url) {
 return this.sanitizer.bypassSecurityTrustResourceUrl(url);
  }
}

    - Add safe with src url 

    <iframe width="900" height="500" [src]="link | safe"/>
    0 讨论(0)
  • 不思量自难忘°
    2020-11-27 13:28

    It is possible to set image as background image to avoid unsafe url error:

    <div [style.backgroundImage]="'url(' + imageUrl + ')'" class="show-image"></div>

    CSS:

    .show-image {
    width: 100px;
    height: 100px;
    border-radius: 50%;
    background-size: cover;        
}
    0 讨论(0)
  • 你的背包
    2020-11-27 13:29

    The most elegant way to fix this: use pipe. Here is example (my blog). So you can then simply use url | safe pipe to bypass the security.

    <iframe [src]="url | safe"></iframe>

    Refer to the documentation on npm for details: https://www.npmjs.com/package/safe-pipe

    0 讨论(0)
 看不清?
提交回复
热议问题