Sanitize Value Strategy and translate-compile #1135
Comments
Please provide a demo of your case. Anyway, that one should match the issue: http://plnkr.co/edit/qE0ooWOgDKicPeymjmzr?p=preview And yes, that seems not to work. After enabling the last config line with I would assume that the "custom" attribute translate will be stripped away by the sanitization module, which would actually be correct and expected. Unless we find a suitable version, I would recommend building the text yourself. In case of a pattern used multiple times, I would recommend a custom directive and configuring the content yourself using |
Your plnkr does match the issue when you enable the What exactly do you mean by
I have |
You have to create a custom directive (highly recommend) which calls the translate service (incl. the correct interpolation) and injects the values directly (i.e. via DOM). You also could try to decorate our directive component, but I'm not sure this would be very suitable. It looks like a very special case? |
Ok, now I know, thank you! I don't think it is a special case? I often have links in translations and I don't want to have HTML in the translation.. E.g. I prefer a |
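The custom-directive approach recommended above, applied to the links-in-translations case, as an added sketch that is not code from this thread or from angular-translate. The directive name `linkedMessage`, its `link-label` and `link-href` attributes, the `[[link]]` marker and the module name `app` are all hypothetical, and it assumes a parameter-only strategy such as 'sanitizeParameters' so that `$translate` returns the translation text unmodified.

```javascript
// Added example. Hypothetical names: linkedMessage, link-label, link-href,
// LINK_MARKER, module 'app'. The translation stays plain text, e.g.
//   TERMS_HINT: 'Please read the [[link]] before you continue.'
var LINK_MARKER = '[[link]]';

// Split translated text around the marker; after === null means "no marker".
function splitAroundMarker(text) {
  var i = text.indexOf(LINK_MARKER);
  if (i === -1) { return { before: text, after: null }; }
  return { before: text.slice(0, i), after: text.slice(i + LINK_MARKER.length) };
}

// Allow only http(s) URLs and same-site absolute paths as link targets.
function isSafeHref(href) {
  return /^(https?:\/\/|\/(?!\/))/i.test(String(href));
}

function linkedMessage($translate) {
  return {
    restrict: 'A',
    link: function (scope, element, attrs) {
      // $translate with an array resolves to an object keyed by translation id.
      $translate([attrs.linkedMessage, attrs.linkLabel]).then(function (t) {
        var doc = element[0].ownerDocument;
        var parts = splitAroundMarker(t[attrs.linkedMessage]);
        element.empty();
        element.append(doc.createTextNode(parts.before));
        if (parts.after === null) { return; }
        if (isSafeHref(attrs.linkHref)) {
          var a = doc.createElement('a');
          a.setAttribute('href', attrs.linkHref);
          a.textContent = t[attrs.linkLabel]; // text only, never parsed as HTML
          element.append(a);
        } else {
          element.append(doc.createTextNode(t[attrs.linkLabel]));
        }
        element.append(doc.createTextNode(parts.after));
      });
    }
  };
}
linkedMessage.$inject = ['$translate'];

// Register only where AngularJS is loaded (module 'app' is assumed to exist).
if (typeof angular !== 'undefined') {
  angular.module('app').directive('linkedMessage', linkedMessage);
}
```

Because the link is built with `createElement` and `textContent`, neither the translation nor the label is ever parsed as HTML, so no markup has to survive sanitization.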
Well, use an appropriate sanitize/escape strategy. At the moment, I cannot see anything not working as expected. |
Sorry, it seems that I am a bit slow, .. :/ but it does not work as expected and you said it yourself in your first comment - so will there be a bugfix or not? ;) I mean, of course, I can make a directive that solves this, but I am really wondering, if I am the only one having this problem. |
No. If you are using a sanitization of the result, don't be surprised by a sanitized string. Same for escaping. That is how sanitization or escaping works. |
whatever strategy used, |
Sure it's working with the expected result of the selected strategy. Anyway: Please show a working example where the strategy is not working. |
Yes. The dynamic value (containing HTML) will be sanitized. Works as expected! |
Use the translate-filter then:
|
@whjvenyl yes thought about that too ;) maybe with one-time-binding:
|
Hi guys! I am also getting this error message: pascalprecht.translate.$translateSanitization: No sanitization strategy has been configured. This can have serious security implications. Has a solution been found? |
@FrancescoMussi Did you follow the link? :) |
Ah ok, I see. So basically all I have to do is to add $translateProvider.useSanitizeValueStrategy('sanitize'); in the config, right? |
If the strategy is right for you, that will be basically the step. At the moment we have no standard (no decision made for you) whether you have to use sanitization or escaping. |
Ok, thank you! |
I updated angular-translate to 2.7.2 and am now using 'sanitizeParameters' as strategy!
But when using translate-compile the inner text is not shown: (with 'null' as strategy it works fine, like before)
My question: is it possible to use translate-compile with these new strategies? If yes, how?