基于范围变量的角集形式动作 [英] Angular set form action based on variable in scope

问题描述

我一直在尝试设置一个搜索表单，以便在其中插入表单操作属性.

I've been trying to setup a search form where I can inject the form action attribute.

我有表格

<form action="{{action}}">

然后在我的控制器中有

$scope.action = "http://www.somesite.com"

这给了我一个内插错误，因为它在字符串中有不可信的"http:".我该如何解决.我知道我可以使用ng-bind-html将html放入dom中，但是我不知道是否可以仅将它用于属性.

That gives me an interpolate error because it has untrusted "http:" in the string. How do I get around this. I know I can use ng-bind-html to put html in the dom but I dont know if I can get that to work with an attribute only.

还有其他人遇到过此问题.我真的想不出解决办法.

Has anyone else had this issue. I really cant think of a way around it.

谢谢

推荐答案

如果您使用的是Angular.js 1.2或更高版本，则可以访问严格的上下文转义服务，$sce.

if you are using Angular.js 1.2 or above, you have access to the Strict Contextual Escaping Service, $sce.

SCE通过以下方式帮助编写代码:(a)默认情况下是安全的，并且(b)使得对安全漏洞(例如XSS，clickjacking等)的审核变得容易得多.

SCE assists in writing code in way that (a) is secure by default and (b) makes auditing for security vulnerabilities such as XSS, clickjacking, etc. a lot easier.

在$ sce内，您可以将变量传递给$sce.trustAsUrl(value)以获取其原始值.因此，您应该可以使用:

within $sce, you can pass a variable to $sce.trustAsUrl(value) to obtain it's original value. So you should be able to use:

$scope.action = $sce.trustAsUrl("http://www.somesite.com");

这篇关于基于范围变量的角集形式动作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！