需求描述: 在angular框架下引入iframe,直接为iframe中src赋网址浏览器会报错:unsafe value used in a resource URL context。
解决: 由于 iframe 的 src 属性是资源 URL 安全上下文,不可信源可以在用户不知情的情况下执行某些不安全的操作。所有要使用angular提供的DomSanitizer服务
import { Component, OnInit } from '@angular/core';
import { DomSanitizer, SafeResourceUrl } from '@angular/platform-brower';
@Component({
selector: 'app-home',
templateUrl: './home.component.html',
styleUrls: ['./home.component.scss']
})
export class HomeComponent implements OnInit {
url = 'https://wh-frontend/p?idToken=';
iframeUrl: SafeResourceUrl = '';
idToken:string = '';
constructor(
private sanitizer: DomSanitizer,
private routerInfo: ActivatedRoute,) {
if(this.routerInfo.snapshot.queryParams["idToken"]) {
this.idToken= this.routerInfo.snapshot.queryParams["idToken"]
window.sessionStorage.setItem("idToken", this.idToken)
}else{
this.idToken = window.sessionStorage.getItem("idToken") || ''
}
this.iframeUrl = this.sanitizer.bypassSecurityTrustResourceUrl(this.url + this.idToken);
}
ngOnInit() {
}
}
<iframe class="ifra" name="" title="navigation" [src]="iframeUrl"></iframe>