New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
template is sanitized by Angular #2039
Comments
use import { DomSanitizer } from '@angular/platform-browser';
...
fields: = [{
key: "test",
template: this.sanitizer.bypassSecurityTrustHtml(`test: <input>`),
templateOptions: {
label: "test"
}
}];
constructor(private sanitizer: DomSanitizer) {} |
I know about |
ok, I'll mark this as a feature, adding an extra option to mark it safe but not by default: fields: = [{
key: "test",
template: `test: <input>`,
templateOptions: {
+ safeHtml: true
}
}]; |
I'm voting up for this feature, but what is the problem with making it safe by default, the template value is not dynamically created *i.e via an API call). just to know your opinion. |
|
keep in mined that this method will cause error TS2322: Type 'SafeHtml' is not assignable to type 'string'. we may use
which is not recommended |
This issue has been fixed and released as part of v5.6.0 release. Please let us know, in case you are still encountering a similar issue/problem. |
wow, great news. ❤ |
did'nt work also please check this issue I updated formly to the latest version. |
fields: [{
key:"categories",
template:'<input type="checkbox" name="test" value="ok"/> test<br />',
- safeHtml: true
+ templateOptions: {
+ safeHtml: true
+ }
}], |
WARNING: sanitizing HTML stripped some content, see http://g.co/ng/security#xss
this causes that not being rendered.
The text was updated successfully, but these errors were encountered: