Use of ng-bind-html
AngualrJS provides the directive ng-bind-html for binding documents containing HTML tags, using:
<ANY of-bind-html=""> ... </ANY>
Test Case:
index.html
<div ng-controller="TestCtrl"> <div> <p ng-bind-html="myHTML"></p> </div> </div>
index.js
var myApp = angular.module('myApp', []); myApp.controller('TestCtrl', ['$scope', function($scope){ $scope.myHTML = '<strong>Hot</strong>'; }]);
The browser outputs the following error:
angular.js:11598 Error: [$sce:unsafe] Attempting to use an unsafe value in a safe context. http://errors.angularjs.org/1.3.11/$sce/unsafe at file:///home/y/my_temp/angular_test/web/app/js/angular.js:63:12 at htmlSanitizer (file:///home/y/my_temp/angular_test/web/app/js/angular.js:15053:13) at getTrusted (file:///home/y/my_temp/angular_test/web/app/js/angular.js:15217:16) at Object.sce.(anonymous function) [as getTrustedHtml] (file:///home/y/my_temp/angular_test/web/app/js/angular.js:15897:16) at Object.ngBindHtmlWatchAction [as fn] (file:///home/y/my_temp/angular_test/web/app/js/angular.js:20449:29) at Scope.$digest (file:///home/y/my_temp/angular_test/web/app/js/angular.js:14230:29) at Scope.$apply (file:///home/y/my_temp/angular_test/web/app/js/angular.js:14493:24) at bootstrapApply (file:///home/y/my_temp/angular_test/web/app/js/angular.js:1449:15) at Object.invoke (file:///home/y/my_temp/angular_test/web/app/js/angular.js:4182:17) at doBootstrap (file:///home/y/my_temp/angular_test/web/app/js/angular.js:1447:14)angular.js:11598 (anonymous function)angular.js:8548 (anonymous function)
Check the official documentation to use: $sanitize service
Note: If a $sanitize service is unavailable and the bound value isn't explicitly trusted, you will have an exception (instead of an exploit.)
Configure the sanitize service in angular.module:
var myApp = angular.module('myApp', ['ngSanitize']);
Refresh the browser again and output the following error message:
Uncaught Error: [$injector:modulerr] Failed to instantiate module myApp due to: Error: [$injector:modulerr] Failed to instantiate module ngSanitize due to: Error: [$injector:nomod] Module 'ngSanitize' is not available! You either misspelled the module name or forgot to load it. If registering a module ensure that you specify the dependencies as the second argument. http://errors.angularjs.org/1.3.11/$injector/nomod?p0=ngSanitize at file:///home/y/my_temp/angular_test/web/app/js/angular.js:63:12 at file:///home/y/my_temp/angular_test/web/app/js/angular.js:1764:17 at ensure (file:///home/y/my_temp/angular_test/web/app/js/angular.js:1688:38) at module (file:///home/y/my_temp/angular_test/web/app/js/angular.js:1762:14) at file:///home/y/my_temp/angular_test/web/app/js/angular.js:4094:22 at forEach (file:///home/y/my_temp/angular_test/web/app/js/angular.js:323:20) at loadModules (file:///home/y/my_temp/angular_test/web/app/js/angular.js:4078:5) at file:///home/y/my_temp/angular_test/web/app/js/angular.js:4095:40 at forEach (file:///home/y/my_temp/angular_test/web/app/js/angu
It is found that angular.js does not have a sanitize module, here will
Just load angular-sanitize.js in.
<script src="../js/angular-sanitize.js"></script>
Original address: https://www.cnblogs.com/yshyee/p/4272180.html