动态语法与AngularJS和Highlight.js突出 [英] Dynamic Syntax Highlighting with AngularJS and Highlight.js
问题描述
我建立,说明常见的应用程序漏洞,如SQL注入的网站。我使用的 AngularJS 和 highlight.js ,以创建交互式的例子。
的我怎样才能使双方AngularJS和highlight.js更新我的code段?的
示例
这小提琴演示了如何输入'OR 1 = 1 - $ C如果用户在输入时有没有生效或者消毒$ C>在电子邮件字段可以更改查询的预期行为。
SELECT * FROM dbo.Users其中,email ='{{EMAIL}}'和密码='{{密码}}'
当用户输入一个电子邮件地址和密码,角更新查询。但是,语法高亮不更新。
SELECT * FROM dbo.Users WHERE Email='user@domain.com'和密码=''
我试图重新初始化hljs,但是当我做角停止更新查询。
hljs.initHighlighting.called = FALSE;
hljs.initHighlighting();
应用程序
<脚本>
VAR应用= angular.module(应用程序,['hljs']);
app.controller(控制功能($范围){
$ scope.email =user@domain.com;
$ scope.password =;
})
< / SCRIPT>
< DIV NG-应用=应用程序NG控制器=控制器>
< DIV>
< DIV CLASS =行>
< DIV CLASS =COL-SM-4>电邮
<输入类型=文本级=表格控NG模型=电子邮件>
< / DIV>
< DIV CLASS =COL-SM-4>密码
<输入类型=文本级=表格控NG模型=密码>
< / DIV>
< / DIV>
< BR>
< DIV hljs包括='编译我'编译=真LANGUAGE =SQL>< / DIV>
< / DIV>
<脚本类型=文/ NG-模板ID =编译我>
SELECT * FROM dbo.Users其中,email ='{{EMAIL}}'
和密码='{{密码}}'
< / SCRIPT>
< / DIV>
在的jsfiddle您提供您正在使用角highlightjs 而你的情况基本上是:
- 获取您所提供
模板包含
指令适用 - highlightjs 的模板产生HTML标记与库API强调具有特定语言正确的风格元素
- 在突出显示HTML标记然后传递到angularjs
$编译
事后没有highglighting发生。
要解决这个问题的方法之一是使用源
指令从角highlightjs
这是观察到,但我认为这是简单的建立一个自定义指令。
这里的窍门是手动插值并突出显示的内容。我已经更新您的拨弄用一个简单的高亮
指令,presents的理念是:
app.directive('亮点',函数($插值,$窗口){
返回{
限制:EA,
适用范围:真,
编译:功能(特莱姆,tAttrs){
VAR interpolateFn = $插值(tElem.html(),TRUE);
tElem.html(''); //停止自动intepolation 返回功能(范围,ELEM,ATTRS){
范围。$腕表(interpolateFn,功能(价值){
elem.html(hljs.highlight('SQL',值)。价值);
});
}
}
};
});
I am building a site that illustrates common application vulnerabilities such as SQL Injection. I am using AngularJS and highlight.js to create interactive examples.
How can I make both AngularJS and highlight.js update my code snippets?
Example
This Fiddle demonstrates how entering ' OR 1=1 --
in the Email field could change the intended behavior of the query if the user's input is not validated or sanitized.
SELECT * FROM dbo.Users WHERE Email='{{email}}' AND Password='{{password}}'
When a user enters an email address and password, Angular updates the query. However, syntax highlighting does not update.
SELECT * FROM dbo.Users WHERE Email='user@domain.com' AND Password=''
I tried re-initializing hljs, but when I do angular stops updating the query.
hljs.initHighlighting.called = false;
hljs.initHighlighting();
Application
<script>
var app = angular.module("app", ['hljs']);
app.controller("controller", function($scope) {
$scope.email = "user@domain.com";
$scope.password = "";
})
</script>
<div ng-app="app" ng-controller="controller">
<div>
<div class="row">
<div class="col-sm-4">Email
<input type="text" class="form-control" ng-model="email">
</div>
<div class="col-sm-4">Password
<input type="text" class="form-control" ng-model="password">
</div>
</div>
<br>
<div hljs include="'compile-me'" compile="true" language="sql"></div>
</div>
<script type="text/ng-template" id="compile-me">
SELECT * FROM dbo.Users WHERE Email = '{{email}}'
AND Password = '{{password}}'
</script>
</div>
In the jsfiddle you have provided you're using angular-highlightjs which in your case basically:
- Fetches the template you have provided with
include
directive applies - Invokes highlightjs library API on the template which produces HTML markup with highlighted elements having correct style for particular language
- The highlighted HTML markup is then passed over to angularjs
$compile
Afterwards no highglighting takes place - in particular even when interpolated content changes.
One way to solve it is to use source
directive from angular-highlightjs
which is observed but I think it's simpler to build a custom directive.
The trick here is to manually interpolate and highlight content. I've updated your fiddle with a simplistic highlight
directive that presents the idea:
app.directive('highlight', function($interpolate, $window){
return {
restrict: 'EA',
scope: true,
compile: function (tElem, tAttrs) {
var interpolateFn = $interpolate(tElem.html(), true);
tElem.html(''); // stop automatic intepolation
return function(scope, elem, attrs){
scope.$watch(interpolateFn, function (value) {
elem.html(hljs.highlight('sql',value).value);
});
}
}
};
});
这篇关于动态语法与AngularJS和Highlight.js突出的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!