[AngularJS] Html ngSanitize, $sce
Safely render arbitrary HTML snippets by using ngSanitize and $sce.
By default angularJS consider user's input html is danger, so if you want to display html tag on the page will show unsafe error.
To remove this error and trust user's input, we can install ngSanitize:
bower install angular-sanitize
var egghead = angular.module("egghead", ["ngSanitize"]); egghead.controller("AppCtrl", function () { var app = this; app.someHtml = '<a href="http://egghead.io" style="color:red">Learn stuff!</strong>'; });
<!DOCTYPE html> <html> <head> <title>Egghead.io</title> <link rel="stylesheet" href="bower_components/bootstrap.css/css/bootstrap.css"/> </head> <body ng-app="egghead" ng-controller="AppCtrl as app"> <textarea name="" id="" cols="30" rows="10" ng-model="app.someHtml"></textarea> <div ng-bind-html="app.someHtml"></div> <script src="bower_components/angular/angular.js"></script> <script src="bower_components/angular-sanitize/angular-sanitize.js"></script> <script src="app.js"></script> </body> </html>
Then the error message has gone, but we didn't get the result which we want, we want "Learn stuff" shown in red color:
<a href="http://egghead.io" style="color:red">Learn stuff!</strong>
To overcome this, we can use $sce service:
var egghead = angular.module("egghead", ["ngSanitize"]); egghead.controller("AppCtrl", function ($sce) { var app = this; app.someHtml = $sce.trustAsHtml('<a href="http://egghead.io" style="color:red">Learn stuff!</strong>'); });
Also you can trust as javascript, css && url:
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· AI技术革命,工作效率10个最佳AI工具