问题
I am sanitizing the current html (string value), I want to know if is possible only allow certains attributes. In this example the string only should keep the "id" attribute. Like this:
<h1 id="header">DomSanitizer</h1><script>ourSafeCode()</script>');
This is an example of my component.
import {BrowserModule, DomSanitizer} from '@angular/platform-browser'
@Component({
selector: 'my-app',
template: `
<div [innerHtml]="html"></div>
`,
})
export class App {
constructor(private sanitizer: DomSanitizer) {
this.html = sanitizer.bypassSecurityTrustHtml('<h1 id="header" class="headerClass" style="background-color: red" >DomSanitizer</h1><script>ourSafeCode()</script>') ;
}
}
But instead I am getting all the attributes from the string, I was thiking on a regular expersion o something like that. But I want to know if I can filter the attributes (I am noob).
来源:https://stackoverflow.com/questions/42685118/is-possible-sanitize-on-angular2-a-html-string-allowing-certaing-tags