In my web application I given an object that is wrapped with angular $sce.In this object each property has a special property $$unwrappedTrusted but it doesn't really give me the object value.How I can get trusted value of object property?
Strict Contextual Escaping (SCE) is a mode in which AngularJS constrains bindings to only render trusted values. Its goal is to assist in writing code in a way that (a) is secure by default, and (b) makes auditing for security vulnerabilities such as XSS, clickjacking, etc. a lot easier.
trustAsHtml() produces a string that is safe to use with ng-bind-html .
The ng-controller uses $sce (Strict Contextual Escaping) service which is used to mark the HTML as trusted using the trustAsHtml method. Note: Unless the HTML content is trusted using the $sce service, it will not be displayed using ng-bind-html directive.
As @rrhrg said properties start with $$ considered as private and not safe to use. Better use valueOf method of $sce service.
var trustedResource = $sce.trustAsResourceUrl("www.abcd.com/folder/image.png");
$sce.valueOf(trustedResource); // "www.abcd.com/folder/image.png"
http://jsbin.com/morixekuxi/edit?html,js,console
You can use the getTrustedHtml() function. This gets the html string value from $$unwrapTrustedValue.
vm.user.bio = $sce.getTrustedHtml(vm.user.bio);
You may also need to include ngSanitize.
There are more answers on this topic in this post: Unit testing the output of $sce.trustAsHtml in Angular
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With