Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to get unwrapped value of object that wrapped with $sce?

Tags:

In my web application I given an object that is wrapped with angular $sce.In this object each property has a special property $$unwrappedTrusted but it doesn't really give me the object value.How I can get trusted value of object property?

like image 546
ali Avatar asked Jun 19 '14 15:06

ali


People also ask

What is$ sce Angular?

Strict Contextual Escaping (SCE) is a mode in which AngularJS constrains bindings to only render trusted values. Its goal is to assist in writing code in a way that (a) is secure by default, and (b) makes auditing for security vulnerabilities such as XSS, clickjacking, etc. a lot easier.

What is trustAsHtml?

trustAsHtml() produces a string that is safe to use with ng-bind-html .

What is SCE trustAsHtml in AngularJS?

The ng-controller uses $sce (Strict Contextual Escaping) service which is used to mark the HTML as trusted using the trustAsHtml method. Note: Unless the HTML content is trusted using the $sce service, it will not be displayed using ng-bind-html directive.


2 Answers

As @rrhrg said properties start with $$ considered as private and not safe to use. Better use valueOf method of $sce service.

var trustedResource = $sce.trustAsResourceUrl("www.abcd.com/folder/image.png");
$sce.valueOf(trustedResource); // "www.abcd.com/folder/image.png"

http://jsbin.com/morixekuxi/edit?html,js,console

like image 106
Ninja Avatar answered Sep 24 '22 18:09

Ninja


You can use the getTrustedHtml() function. This gets the html string value from $$unwrapTrustedValue.

vm.user.bio = $sce.getTrustedHtml(vm.user.bio);

You may also need to include ngSanitize.

There are more answers on this topic in this post: Unit testing the output of $sce.trustAsHtml in Angular

like image 43
James Avatar answered Sep 26 '22 18:09

James