使用 *ngfor对象变量显示自定义HTML元素

发布于 2025-02-08 09:30:41 字数 686 浏览 4 评论 0 原文

我有一个界面：

export interface Project {
    id: number;
    name: string;
    description: string;
    previewHTMLElement: string;
}

我在列表中使用：

export const PROJECTLIST: Project[] = [
    {id: 1, name: 'a-cool-name', description: 'a cute description', previewHTMLElement: '<img src="assets/images/{{project.name}}.png">'}
]

我试图在NGFOR指令中使用：

<div *ngFor="let project of projectList">
    {{project.previewHTMLElement}}
</div>

但这只是替换 {{project.previewhtmlelement}}}} 用#Text block重复任何内容在字符串中。我需要能够将任何类型的元素放在字符串中，并将其作为实际的htmlemlement呈现。

使用角指令实现这一目标的正确方法是什么？

原文

I have an interface:

export interface Project {
    id: number;
    name: string;
    description: string;
    previewHTMLElement: string;
}

That I use in a list:

export const PROJECTLIST: Project[] = [
    {id: 1, name: 'a-cool-name', description: 'a cute description', previewHTMLElement: '<img src="assets/images/{{project.name}}.png">'}
]

That I am trying to use in an ngFor directive:

<div *ngFor="let project of projectList">
    {{project.previewHTMLElement}}
</div>

But this is just replacing {{project.previewHTMLElement}} with a #Text block that repeats whatever was in the string. I need to be able to put any kind of Element in the string and have it be rendered in as an actual HTMLElement.

What is the proper way to use angular directives to accomplish this goal?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

宛菡 2025-02-15 09:30:41

Angular 2+支持 [InnerHTML] 属性绑定将呈现HTML。如果您否则要使用插值，它将被视为字符串。

我不相信InnerHTML不首先清洁的任何东西。因此，使用Domsanitizer，Angular的服务有助于防止攻击者将恶意客户端脚本注入网页，通常称为跨站点脚本或XSS。

<div *ngFor="let project of projectList">
  <span [innerHTML]="project.previewHTMLElement | sanitizeHtml"></span>
</div>

消毒管的

import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';

@Pipe({ name: 'sanitizeHtml' })
export class sanitizeHtmlPipe implements PipeTransform {
  constructor(private _sanitizer: DomSanitizer) {}

  public transform(value: any): SafeHtml {
    const sanitizedContent = this._sanitizer.sanitize(1, value);
    return this._sanitizer.bypassSecurityTrustHtml(sanitizedContent);
  }
}

工作示例：

Angular 2+ supports an [innerHTML] property binding that will render HTML. If you were to otherwise use interpolation, it would be treated as a string.

I wouldn't trust anything to be used with innerHTML without cleaning it first. So, with DomSanitizer, a service of Angular helps to prevent attackers from injecting malicious client-side scripts into web pages, which is often referred to as Cross-site Scripting or XSS.

<div *ngFor="let project of projectList">
  <span [innerHTML]="project.previewHTMLElement | sanitizeHtml"></span>
</div>

The sanitizer pipe

import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';

@Pipe({ name: 'sanitizeHtml' })
export class sanitizeHtmlPipe implements PipeTransform {
  constructor(private _sanitizer: DomSanitizer) {}

  public transform(value: any): SafeHtml {
    const sanitizedContent = this._sanitizer.sanitize(1, value);
    return this._sanitizer.bypassSecurityTrustHtml(sanitizedContent);
  }
}

Working example: https://stackblitz.com/edit/angular-pqwwes?file=app%2Fapp.component.html

回复收藏 0 原文