Angularjs: preview sanitized html

前端未结

关注

 1  1051

暗喜

Please find the plnkr

I want to display some html preview. The html is already sanitized at the server (for eg: \"<b>HELLO</b>\"

相关标签:

1条回答

刺人心

2021-01-24 04:34

You just need to use $sce.trustAsHtml and unsanitize HTML on your client: http://plnkr.co/edit/h2loxWsPJOELhNvkfHmK?p=preview

// From: https://stackoverflow.com/questions/1912501/unescape-html-entities-in-javascript
function htmlDecode(input){
  var e = document.createElement('div');
  e.innerHTML = input;
  return e.childNodes.length === 0 ? "" : e.childNodes[0].nodeValue;
}

myApp.controller('myController', ['$scope', '$sce', function myController($scope, $sce){
  $scope.myHtml = "<b>HELLO</b>";
  $scope.myHtml2 = $sce.trustAsHtml(htmlDecode("&lt;b&gt;HELLO&lt;/b&gt;"));

}]);

htmlDecode from: Unescape HTML entities in Javascript?

However, I would not recommend taking this approach. It feels very hackish and I suspect could lead to vulnerabilities on your site.

0 讨论(0)