I used to be able to use ng-bind-html-unsafe
to output unsanitized code (because sanitization happens serverside).
But now that option is gone? I know I can use $sce.trustAsHtml
but adding that to the JavaScript all over the place is a huge pain when unsafe was so easy to use.
How do I get unsafe back?
The ng-bind-html directive is a secure way of binding content to an HTML element. When you are letting AngularJS write HTML in your application, you should check the HTML for dangerous code. By including the "angular-sanitize.
The ng-bind-html Directive in AngularJS is used to bind the innerHTML of an HTML element to application data and remove dangerous code from the HTML string. $sanitize service is a must for the ng-bind-html directive. It is supported by all HTML elements.
ngModel usually use for input tags for bind a variable that we can change variable from controller and html page but ngBind use for display a variable in html page and we can change variable just from controller and html just show variable. Save this answer.
The ng-bind directive tells AngularJS to replace the content of an HTML element with the value of a given variable, or expression. If the value of the given variable, or expression, changes, the content of the specified HTML element will be changed as well.
Simpler again.
App.filter('unsafe', ['$sce', function ($sce) {
return function (val) {
return $sce.trustAsHtml(val);
};
}]);
Usage:
<any ng-bind-html="content | unsafe"></any>
For more on html binding check the docs here.
Just a warning: make sure you actually trust the html, or you could be opening a hole in your sites security.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With