[Angular] Use Angular style sanitization to mark dynamic styles as trusted values

最新推荐文章于 2024-09-02 17:34:07 发布

weixin_33843947

最新推荐文章于 2024-09-02 17:34:07 发布

阅读量64

点赞数

文章标签： javascript ViewUI

Angular has a very robust security model. Dynamically inserted html, style or url values into the DOM open up possibilities for attackers to compromise your site. Thus Angular treats all values as untrusted by default. In this lesson we learn how to “sanitize” values where we are sure they are trustful.

import { Component } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';

@Component({
  selector: 'sanitized-component',
  template: `
    <div [style]="getStyle()">
    </div>
  `
})
export class SanitizedComponent {

  constructor(private sanitizer: DomSanitizer) {}
  getStyle() {
    const gravatarUrl = 'https://cdn1.lelynx.fr/wp-content/uploads/2016/02/chat-pleure-1-150x150.jpg';
    const style = `background-image: url(${gravatarUrl}); width:150px; height:150px; border:1px solid black;`;
    return this.sanitizer.bypassSecurityTrustStyle(style);
  }
}

关注博主即可阅读全文

确定要放弃本次机会？

福利倒计时

: :

立减 ¥

普通VIP年卡可用

立即使用

weixin_33843947

关注关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
[Angular] Use Angular style sanitization to mark dynamic styles as trusted values

Angular has a very robust security model. Dynamically inserted html, style or url values into the DOM open up possibilities for attackers to compromise your site. Thus Angular treats all values as unt...
复制链接

扫一扫