AngularJS:如何解决“尝试在安全上下文中使用不安全值"? [英] AngularJS: How to resolve "Attempting to use an unsafe value in a safe context"?

问题描述

当我尝试将数据显示为 text-html 时，它以 HTML 格式显示，但是当我刷新页面时，出现此错误:

When I tried to show my data as a text-html, it displayed in HTML format but when I refreshed the page, I am getting this error:

[$sce:unsafe] 试图在安全上下文中使用不安全的值.

[$sce:unsafe] Attempting to use an unsafe value in a safe context.

这是我的 AngularJS 代码:

data.attributes.task_name = $sce.trustAsHtml(data.attributes.task_name);

HTML

<span ng-bind-html="taskdata.attributes.task_name" data-html="true" title="{{reminder.attributes.message}}"></span>

推荐答案

来自 Angular 文档:

未发现为在特定上下文中使用而提供的值安全/值得信赖.

The value provided for use in a specific context was not found to be safe/trusted for use.

AngularJS 的 严格上下文转义 (SCE) 模式(由默认)，需要在某些上下文中绑定才能产生一个值在这种情况下使用是安全的.(例如加载一个来自 URL 的 AngularJS 模板要求考虑 URL加载资源是安全的.)

AngularJS's Strict Contextual Escaping (SCE) mode (enabled by default), requires bindings in certain contexts to result in a value that is trusted as safe for use in such a context. (e.g. loading an AngularJS template from a URL requires that the URL is one considered safe for loading resources.)

这有助于防止 XSS 和其他安全问题.在 Strict 阅读更多上下文转义 (SCE)

This helps prevent XSS and other security issues. Read more at Strict Contextual Escaping (SCE)

您可能希望包含 ngSanitize 模块以使用自动消毒.

You may want to include the ngSanitize module to use the automatic sanitizing.

<小时>

您必须包含 ngSanitize:

将其加载到 index.html:

<script src="lib/angular/angular-sanitize.min.js"></script>

将其作为依赖项注入您的 app.js:

Inject it as a dependency in your app.js:

angular.module('myApp', ['...', 'ngSanitize']);

这篇关于AngularJS:如何解决“尝试在安全上下文中使用不安全值"?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！