问题
I upgraded to RC1 which caused the previous solution for Beta 17 to no longer work, so I tried using the sanitizer but that causes problems for styles that may have embedded single quotes.
This statement:
sanitizer.bypassSecurityTrustStyle('url(/pImages/' + this.recipientId + '.jpg)');
gets converted into this:
style="background-image: url("/pImages/57211a89b65ff1be3edd14c9.jpg");"
and the double quote mark right after url( ends the style string and breaks it.
So I tried manually inserting the single quote markers:
sanitizer.bypassSecurityTrustStyle("url(\'/pImages/" + this.recipientId + ".jpg)\'");
But it converts those single quotes to double quotes and gives the same result, breaking the style string.
回答1:
Just to close the loop, there is no code adding single or double quotes to URLs during sanitization, this was Chrome Dev Tools being misleading by displaying double quotes. I think the actual problem was that the URL wasn't correct, or something along those lines.
来源:https://stackoverflow.com/questions/37238757/angular2-rc1-sanitizer-inserts-double-quotes-inside-styles-breaking-it