I'm trying to understand what's the difference between properties.
Please help with practical examples. When to use them?
Such questions are not found in this forum. Help me please.
Strict Contextual Escaping (SCE) is a mode in which AngularJS constrains bindings to only render trusted values. Its goal is to assist in writing code in a way that (a) is secure by default, and (b) makes auditing for security vulnerabilities such as XSS, clickjacking, etc.
trustAsHtml() produces a string that is safe to use with ng-bind-html.
Angular automatically sanitizes data if you use the ng-bind-html directive.
The ng-controller uses the $sce (Strict Contextual Escaping) service, which is used to mark the HTML as trusted using the trustAsHtml method. Note: Unless the HTML content is trusted using the $sce service, it will not be displayed using the ng-bind-html directive.
$sce is the service that actually chooses whether or not a string is safe to use and whether or not it should be sanitized. If it's HTML it is run through $sanitize if it's available. You probably won't ever need to use $sanitize - since all strings are escaped by default, you just selectively trust HTML using the $sce service.
You can read more about $sce here.
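A minimal page contrasting the three cases the answers above describe (escaped interpolation, ng-bind-html with $sanitize, and ng-bind-html with $sce.trustAsHtml), as an added example that is not part of the original posts. It assumes angular.js and angular-sanitize.js from the same AngularJS 1.x release are served next to the page; demoApp, DemoCtrl, track() and the sample strings are constructed for illustration.

```html
<!doctype html>
<html ng-app="demoApp">
<head>
  <meta charset="utf-8">
  <!-- Assumption: both files (same AngularJS 1.x release) sit next to this page. -->
  <script src="angular.js"></script>
  <script src="angular-sanitize.js"></script>
</head>
<body ng-controller="DemoCtrl">

  <!-- 1. {{ }} interpolation: always escaped, the markup is shown as literal text. -->
  <p>{{ userComment }}</p>

  <!-- 2. ng-bind-html + plain string: $sce runs it through $sanitize (ngSanitize).
       <b> is kept; the onclick attribute and the <script> element are dropped.
       Without ngSanitize loaded, this binding raises a $sce:unsafe error instead. -->
  <p ng-bind-html="userComment"></p>

  <!-- 3. ng-bind-html + $sce.trustAsHtml(): inserted exactly as written, no sanitizing.
       Reserve this for markup the application itself authored. -->
  <p ng-bind-html="staticBanner"></p>

  <script>
    angular.module('demoApp', ['ngSanitize'])
      .controller('DemoCtrl', ['$scope', '$sce', function ($scope, $sce) {
        // Constructed sample of untrusted input (e.g. a stored user comment).
        $scope.userComment =
          '<b onclick="track()">hello</b><script>track()<\/script>';

        // Developer-authored constant. $sanitize would remove the style
        // attribute, so the string is explicitly marked as trusted.
        $scope.staticBanner = $sce.trustAsHtml(
          '<span style="color:green">Service status: OK</span>');

        // Never do this: it switches sanitizing off for untrusted data.
        // $scope.userComment = $sce.trustAsHtml($scope.userComment);
      }]);
  </script>
</body>
</html>
```

When auditing an AngularJS code base, every call to trustAsHtml() is a place where sanitizing is bypassed, so each argument should be traceable to a constant or to server-side output that is already sanitized.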