如何撤消绕过SecuritySecurityTrustHtml,即将SafeValue转换回字符串 [英] How to undo bypassSecurityTrustHtml, i.e convert SafeValue back to string
本文介绍了如何撤消绕过SecuritySecurityTrustHtml,即将SafeValue转换回字符串的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在生成html,并使用
I am generating html, and inserting it into my web page using
let data = '<font color=blue>hello world</font>';
this.safevalue = this.domSanitizer.bypassSecurityTrustHtml(data);
在我的代码的其他地方,我想将安全值转换回字符串,所以我尝试了...
Elsewhere in my code I want to convert the safe value back into a string, so I tried this...
data = this.safevalue.toString();
但是这会将数据设置为这样的字符串...
but this sets data to a string like this...
'SafeValue must use [property]=binding: (see http://g.co/ng/security#xss)'
这没有帮助
推荐答案
我不知道您是否已经找到解决方法,但是,如果您只想使用原始值,请标记为安全:
I don't know if you already found a fix for this, but, if you just want the original value, marked as safe:
var yourString = this.domSanitizer.sanitize(SecurityContext.HTML, data)
这篇关于如何撤消绕过SecuritySecurityTrustHtml,即将SafeValue转换回字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文