Discussion about allowing HTML #3
I want to discuss here what we should do about trusting HTML.
I saw various ways, and I am not sure of any of them:
As of today, you can add HTML onto it,
The problem with
I want to discuss what your thoughts are about this.
Allowing HTML is problematic; there is no perfect solution.
There are various options and I decided on one: allowing basic HTML in it, but that doesn't support Angular directives, and to do that, I need to make the toasts really insecure.
I think that since it is just to pop up information, it doesn't need complex stuff in it.
So for now, I want to wait to see how people use it and then act.
I understand your decision. Our use case is to display a countdown in a popup message or something to show the user that he is getting logged out due to inactivity. So we decided to use a non-blocking toast message for that. But without Angular binding there is only the option to show multiple toasts every x seconds/minutes etc. to give the desired behavior.
I got a $sce warning with
My intention was to enable HTML just using
and it throws a $sce error on the fail callback when interacting with