如何prevent从评估模板前pressions角 [英] How to prevent angular from evaluating template expressions

问题描述

在我的应用程序的用户可以为他们的个人资料提供说明。问题是，我不给，从角像前pressions像限制他们{{一些前pression}} 。这样，我的应用程序是XSS脆弱。是否有可能使角留下元素​​的内容，而不要对其进行评估，即使他们有角的前pressions？

In my app the users can provide a description for their profiles. Problem is that I don't restrict them from giving angular-like expressions like {{ some expression }}. That way my app is XSS vulnerable. Is it possible to make angular leave the contents of an element as is and not evaluate them even if they have angular expressions?

推荐答案

如果它适合你的使用情况，但有是的 ngNonBindable 指令：

Not sure if it fits your use case, but there is the ngNonBindable directive:

<div ng-non-bindable>This is a {{profile}}</div>

只会显示：

This is a {{profile}}

这篇关于如何prevent从评估模板前pressions角的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！