Angular has a very robust security model. Dynamically inserted html, style or url values into the DOM open up possibilities for attackers to compromise your site. Thus Angular treats all values as untrusted by default. In this lesson we learn how to “sanitize” values where we are sure they are trustful.

import { Component } from '@angular/core';

import { DomSanitizer } from '@angular/platform-browser';

@Component({

  selector: 'sanitized-component',

  template: `

    <div [style]="getStyle()">

    </div>

  `

})

export class SanitizedComponent {

  constructor(private sanitizer: DomSanitizer) {}

  getStyle() {

    const gravatarUrl = 'https://cdn1.lelynx.fr/wp-content/uploads/2016/02/chat-pleure-1-150x150.jpg';

    const style = `background-image: url(${gravatarUrl}); width:150px; height:150px; border:1px solid black;`;

    return this.sanitizer.bypassSecurityTrustStyle(style);

  }

}

[Angular] Use Angular style sanitization to mark dynamic styles as trusted values的更多相关文章

  1. ASP.NET Core 2.1 Web API + Identity Server 4 + Angular 6 + Angular Material 实战小项目视频

    视频简介 ASP.NET Core Web API + Angular 6的教学视频 我是后端开发人员, 前端的Angular部分讲的比较差一些, 可以直接看代码!!!! 这是一个小项目的实战视频, ...

  2. angular 2 angular quick start Could not find HammerJS

    Angular2 的material中 引用了 hammerjs,遇到Could not find HammerJS错误,正确的步骤如下: 需要在如下位置增加 对material 和 hammerjs ...

  3. [Angular Directive] Assign a Structual Directive a Dynamic Context in Angular 2

     Just like passing in an array to *ngFor, you can pass in any value into your structural directive s ...

  4. 简话Angular 03 Angular内置表达式大全

    一句话: 大多数html标签属性和事件都有一个对应的ng指令 说明:这些指令和原生html最大的区别就是可以动态更新.比如一个div的样式用ng-class后,我们就可以随意应用css class. ...

  5. [Angular] Use Angular’s @HostBinding and :host(...) to add styling to the component itself

    One thing that we can do is to add styles directly to HTML elements that live within our component. ...

  6. [Angular] Configurable Angular Components - Content Projection and Input Templates

    We are going to have a modal component: <au-modal > </au-modal> And we can pass default ...

  7. angular+selecte2(angular ng-repeat渲染)

    一.页面代码 <select id="sponsorId" select2 ng-model="sponsorSelectedObj" ng-change ...

  8. [Angular 2] Angular 2 Smart Components vs Presentation Components

    Both Smart Components and Presentation Components receive data from Services in entirely different w ...

  9. Intergate flot with Angular js ——Angular 图形报表

    下面这篇文章最终的结论就是 Flot 插件 结合 Angular 的Directive 来处理 图表的绘制 给出github上的一个demo源码.https://gist.github.com/fly ...

随机推荐

  1. mescroll报错

    1.Cannot read property 'insertBefore' of null:说明你的容器id未找到,应确认你的容器id名与你NEW的容器名一致:

  2. Yeslab 华为安全HCIE-第五门-防火墙攻击防范技术

    Yeslab 华为安全HCIE-第五门-防火墙攻击防范技术 课程目录 Yeslab华为安全HCIE-第五门-防火墙攻击防范技术(8篇)\1_单包攻击防范.aviYeslab华为安全HCIE-第五门-防 ...

  3. 紫书 例题 9-5 UVa 12563 ( 01背包变形)

    总的来说就是价值为1,时间因物品而变,同时注意要刚好取到的01背包 (1)时间方面.按照题意,每首歌的时间最多为t + w - 1,这里要注意. 同时记得最后要加入时间为678的一首歌曲 (2)这里因 ...

  4. 【Uva 1626】Brackets sequence

    [Link]: [Description] 括号序列由这样的规则生成: 1.空字符是一个括号序列; 2.在括号序列两端加上一对括号也是括号序列; 如(s),[s]; 3.两个括号序列A和B,连在一起, ...

  5. 关于jquery点击之后,标签的hover失效这个问题

    做一个点击切换的效果,加在a标签上,jquery的click加上css中的hover 点击之后,css的hover效果就没有了,后来知道是click的权值比外联的css大 当点击之后,css代码就被覆 ...

  6. 企业实战之部署Solarwinds Network八部众

    企业实战之部署Solarwinds Network 网管系统八部众 Orion Network Performance Monitor是全面的带宽性能监控和故障管理软件,能监控并收集来自路由器.交换机 ...

  7. halt---关闭正在运行的Linux操作系统。

    halt命令用来关闭正在运行的Linux操作系统.halt命令会先检测系统的runlevel,若runlevel为0或6,则关闭系统,否则即调用shutdown来关闭系统. 语法 halt(选项) 选 ...

  8. [AngularFire] Angular File Uploads to Firebase Storage with Angular control value accessor

    The upload class will be used in the service layer. Notice it has a constructor for file attribute, ...

  9. python中lambda的另类使用

    带if/else: ( lambda x, y: x if x < y else y )( 1, 2 ) 科里化: ( lambda x: ( lambda y: ( lambda z: x + ...

  10. 编写一个程序,把指定目录下的所有的带.java文件都拷贝到另一个目录中,拷贝成功后,把后缀名是.java的改成.txt。

    package example; import java.io.*; public class Test { public static void main(String[] args) throws ...