基于范围变量的角集形式动作 [英] Angular set form action based on variable in scope
问题描述
我一直在尝试设置一个搜索表单,以便在其中插入表单操作属性.
I've been trying to setup a search form where I can inject the form action attribute.
我有表格
<form action="{{action}}">
然后在我的控制器中有
$scope.action = "http://www.somesite.com"
这给了我一个内插错误,因为它在字符串中有不可信的"http:".我该如何解决.我知道我可以使用ng-bind-html将html放入dom中,但是我不知道是否可以仅将它用于属性.
That gives me an interpolate error because it has untrusted "http:" in the string. How do I get around this. I know I can use ng-bind-html to put html in the dom but I dont know if I can get that to work with an attribute only.
还有其他人遇到过此问题.我真的想不出解决办法.
Has anyone else had this issue. I really cant think of a way around it.
谢谢
推荐答案
如果您使用的是Angular.js 1.2或更高版本,则可以访问严格的上下文转义服务,$sce
.
if you are using Angular.js 1.2 or above, you have access to the Strict Contextual Escaping Service, $sce
.
SCE通过以下方式帮助编写代码:(a)默认情况下是安全的,并且(b)使得对安全漏洞(例如XSS,clickjacking等)的审核变得容易得多.
SCE assists in writing code in way that (a) is secure by default and (b) makes auditing for security vulnerabilities such as XSS, clickjacking, etc. a lot easier.
在$ sce内,您可以将变量传递给$sce.trustAsUrl(value)
以获取其原始值.因此,您应该可以使用:
within $sce, you can pass a variable to $sce.trustAsUrl(value)
to obtain it's original value. So you should be able to use:
$scope.action = $sce.trustAsUrl("http://www.somesite.com");
这篇关于基于范围变量的角集形式动作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!