问题
I am generating html, and inserting it into my web page using
let data = '<font color=blue>hello world</font>';
this.safevalue = this.domSanitizer.bypassSecurityTrustHtml(data);
Elsewhere in my code I want to convert the safe value back into a string, so I tried this...
data = this.safevalue.toString();
but this sets data to a string like this...
'SafeValue must use [property]=binding: (see http://g.co/ng/security#xss)'
which is not helpful
回答1:
I don't know if you already found a fix for this, but, if you just want the original value, marked as safe:
var yourString = this.domSanitizer.sanitize(SecurityContext.HTML, data)
回答2:
I've dug through the source code and it appears that it is not possible to get the original string from a SafeValue. So I guess I'll have to keep parallel data array for all the unsafe values.
来源:https://stackoverflow.com/questions/46959219/how-to-undo-bypasssecuritytrusthtml-i-e-convert-safevalue-back-to-string