feat(core): add safeHtml opt to bypass sanitizing template HTML… (#2090)

fix #2039
ngx-formly · Mar 17, 2020 · bbd7009 · bbd7009
1 parent a96cae6
commit bbd7009
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/src/core/src/lib/templates/field-template.type.ts b/src/core/src/lib/templates/field-template.type.ts
@@ -1,8 +1,27 @@
 import { Component } from '@angular/core';
+import { DomSanitizer } from '@angular/platform-browser';
 import { FieldType } from './field.type';
 
 @Component({
   selector: 'formly-template',
-  template: `<div [innerHtml]="field.template"></div>`,
+  template: `<div [innerHtml]="template"></div>`,
 })
-export class FormlyTemplateType extends FieldType {}
+export class FormlyTemplateType extends FieldType {
+  get template() {
+    if (this.field && (this.field.template !== this.innerHtml.template)) {
+      this.innerHtml = {
+        template: this.field.template,
+        content: this.to.safeHtml
+          ? this.sanitizer.bypassSecurityTrustHtml(this.field.template)
+          : this.field.template,
+      };
+    }
+
+    return this.innerHtml.content;
+  }
+
+  private innerHtml = { content: null, template: null };
+  constructor(private sanitizer: DomSanitizer) {
+    super();
+  }
+}