我应该何时以及如何使用domsanitizer.bypasssecuritytrustscript
)
我已经花了4h+在搜索网络上为此,所以我决定询问社区...
Angular的domsanitizer.bypasssecuritytrustscript方法的确切用例是什么?
我知道,这
- 带有安全风险
- 并不是将代码插入Angular Apps的最佳方法
- 唯一方法。
- ,这并不是注入脚本标签等的
我不想将其用于实际实现。我只是在提供 给我的用户的角管,我想向他们解释何时以及如何 使用每个安全上下文(例如[innerhtml] =“ somevar | trust:'html'”)。
除了绕过旁观脚本方法外,我可以找到所有的示例。
那么,任何人都可以向我解释何时以及如何使用domsanitizer.bypasssecuritytrustscript?
$ ng --version
Angular CLI: 12.2.17
Node: 14.17.6
Package Manager: npm 6.14.15
OS: win32 x64
Angular: 12.2.16
... animations, common, compiler, compiler-cli, core, elements
... forms, language-service, platform-browser
... platform-browser-dynamic, router
Package Version
------------------------------------------------------------
@angular-devkit/architect 0.1202.17
@angular-devkit/build-angular 12.2.17
@angular-devkit/core 12.2.17
@angular-devkit/schematics 12.2.17
@angular/cdk 12.2.13
@angular/cli 12.2.17
@angular/flex-layout 12.0.0-beta.35
@angular/material 12.2.13
@angular/material-moment-adapter 12.2.13
@schematics/angular 12.2.17
ng-packagr 12.2.7
rxjs 6.6.7
typescript 4.3.5
cheers,markus;)
)
I've already spent 4h+ searching the web for this, so I decided to ask the community...
What is the exact use case for angular's DomSanitizer.bypassSecurityTrustScript method?
I know, that this
- comes with security risks
- is not the best way to insert code into angular apps
- is not the only way to inject script tags
- etc.
I don't want to use it for a real implementation. I'm just providing
an Angular Pipe to my users and I want to explain to them when and how
to use each security context (e.g. [innerHtml]="someVar | trust: 'html'").
I could find good examples for all except for the bypassSecurityTrustScript method.
So, can anyone explain to me WHEN and HOW to use DomSanitizer.bypassSecurityTrustScript?
$ ng --version
Angular CLI: 12.2.17
Node: 14.17.6
Package Manager: npm 6.14.15
OS: win32 x64
Angular: 12.2.16
... animations, common, compiler, compiler-cli, core, elements
... forms, language-service, platform-browser
... platform-browser-dynamic, router
Package Version
------------------------------------------------------------
@angular-devkit/architect 0.1202.17
@angular-devkit/build-angular 12.2.17
@angular-devkit/core 12.2.17
@angular-devkit/schematics 12.2.17
@angular/cdk 12.2.13
@angular/cli 12.2.17
@angular/flex-layout 12.0.0-beta.35
@angular/material 12.2.13
@angular/material-moment-adapter 12.2.13
@schematics/angular 12.2.17
ng-packagr 12.2.7
rxjs 6.6.7
typescript 4.3.5
Cheers, Markus ;)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论