angular4 编译html,angular - Angular4: SafeUrl in SafeHtml - Stack Overflow

What I am trying to achieve is a dynamically generated html with some static links in it.

So, in a component, I have an array of objects:

let list = [{

type: 'container',

title: 'SIMPLE LIST'

description: '

  • A // or [href] or routerLink+fragment

  • B

  • C

'

}, {

type: 'container',

title: 'SIMPLE ICON'

description: 'launch'

}]

Then I pass it to a service which sanitize the description key via bypassSecurityTrustHtml() (from DomSanitzer):

export class myDynamicBuilder {

content: Array;

constructor(content, sanitizer) {

content.forEach(each => {

if (item.hasOwnProperty('description') && typeof item['description'] === 'string') {

item['description'] = sanitizer.bypassSecurityTrustHtml(item['description'])

}

this.content = content

})

}

}

Then in template:

{{item?.title}}

Links in description field do not work as expected.:

if href is used as attribute a complete reload of the app is triggered (which is very bad)

if the routerLink directive is used the link doesn't work

if [href] is used I get the usual XSS security warning. So, I went back to the docs and I've found the convenient bypassSecurityTrustUrl function. I modified the above mentioned service to replace strings after [href] with the output of the bypassSecurityTrustUrl and then throw the result in the bypassSecurityTrustHtml function. Got a very nicely rendered HTML but with a non functional link.

How should I handle this scenario? I am thinking of building some pipes as shown in this question but not sure if this is the right way to do it. Another idea could be to let my service handle a new key (maybe links) of the input object, sanitize via bypassSecurityTrustUrl and then inject safe links in the sanitized HTML. Is there any defined way to do this? Thanks.

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值