In AngularJS, what is the difference between ng-bind, ng-bind-html and ng-bind-html-unsafe?

Time: 2022-02-02 20:23:11

I want to know the difference between ng-bind, ng-bind-html and ng-bind-html-unsafe.


Also, when I run the code below, I get the error shown below:


Code :


<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>HTML Injection Security in AngularJS</title>

<script type="text/javascript" src="/js/angular.js"></script>

<script type="text/javascript">

angular.module("myApp", []).controller("myController",function($scope)
{
    $scope.getValue = function()
    {
        return "<b>Hello World</b>";
    };
});

</script>

</head>
<body>

<div ng-app="myApp" ng-controller="myController">
    <span ng-bind-html="getValue();"></span>
    <span>Normal Text</span>
</div>

</body>
</html>

Error :


Error: [$sce:unsafe] Attempting to use an unsafe value in a safe context.
http://errors.angularjs.org/1.3.11/$sce/unsafe
    at REGEX_STRING_REGEXP (https://www.angularapprj.com:4443/js/angular.js:63:12)
    at htmlSanitizer (https://www.angularapprj.com:4443/js/angular.js:15053:13)
    at getTrusted (https://www.angularapprj.com:4443/js/angular.js:15217:16)
    at Object.$get.sce.(anonymous function) [as getTrustedHtml] (https://www.angularapprj.com:4443/js/angular.js:15897:16)
    at Object.ngBindHtmlWatchAction [as fn] (https://www.angularapprj.com:4443/js/angular.js:20449:29)
    at Scope.$get.Scope.$digest (https://www.angularapprj.com:4443/js/angular.js:14230:29)
    at Scope.$get.Scope.$apply (https://www.angularapprj.com:4443/js/angular.js:14493:24)
    at bootstrapApply (https://www.angularapprj.com:4443/js/angular.js:1449:15)
    at Object.invoke (https://www.angularapprj.com:4443/js/angular.js:4182:17)
    at doBootstrap (https://www.angularapprj.com:4443/js/angular.js:1447:14)


What does it mean? I know using declarative code within imperative code is not good practice, though I was just trying with <b>Hello World</b> in ng-bind-html directive.


1 solution

#1


2  

After searching, I got the information below from https://docs.angularjs.org/guide/migration#ngbindhtmlunsafe-has-been-removed-and-replaced-by-ngbindhtml: in Angular version 1.3 they have migrated from ng-bind-html-unsafe to ng-bind-html. One question remains, though: why am I getting the error mentioned in the post?
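
An added example, not part of the original post or of AngularJS itself: the page from the question, changed so that ng-bind-html no longer raises $sce:unsafe, with the three bindings side by side. It assumes angular-sanitize.js (same version as angular.js) is served at /js/angular-sanitize.js; that path, the scope property names, the plain-HTML doctype and the sample string are constructed for illustration.

```html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>HTML Injection Security in AngularJS</title>
<script src="/js/angular.js"></script>
<!-- Assumed path: ngSanitize ships as a separate file and must match the angular.js version -->
<script src="/js/angular-sanitize.js"></script>
<script>
// Declaring ngSanitize makes $sanitize injectable, so ng-bind-html can
// sanitize plain strings instead of throwing $sce:unsafe.
angular.module("myApp", ["ngSanitize"]).controller("myController", function ($scope, $sce) {
    // Constructed sample: markup mixed with an inline event handler.
    var sample = '<b>Hello World</b> <a href="#" onclick="handler()">link</a>';

    // Plain string: ng-bind shows it as literal text; ng-bind-html runs it
    // through $sanitize, which keeps <b> and <a href> but drops onclick.
    $scope.untrusted = sample;

    // Explicitly trusted value: ng-bind-html inserts it verbatim, with no
    // sanitization, and works even without ngSanitize. Use only for
    // constant markup the application itself controls.
    $scope.trusted = $sce.trustAsHtml("<b>Hello World</b>");
});
</script>
</head>
<body>
<div ng-app="myApp" ng-controller="myController">
    <!-- ng-bind: sets text content, so tags appear as characters -->
    <p ng-bind="untrusted"></p>
    <!-- ng-bind-html + ngSanitize: sanitized HTML -->
    <p ng-bind-html="untrusted"></p>
    <!-- ng-bind-html + $sce.trustAsHtml: raw HTML, the caller vouches for it -->
    <p ng-bind-html="trusted"></p>
</div>
</body>
</html>
```

The first paragraph renders the markup as literal text, the second renders bold text and a link with the onclick attribute stripped, and the third renders the trusted markup unchanged.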
