AngularJS:如何解决“试图在安全的上下文中使用不安全的值”? [英] AngularJS: How to resolve "Attempting to use an unsafe value in a safe context"?
问题描述
当我试图将我的数据显示为text-html时,它以HTML格式显示,但当我刷新页面时,出现此错误:
$
这是我的<强> AngularJS 代码:
data.attributes.task_name = $ sce.trustAsHtml(data.attributes.task_name) ;
HTML
< span ng-bind-html =taskdata.attributes.task_namedata-html =truetitle ={{reminder.attributes.message}}><< ; /跨度>
从 Angular文档 :
在特定上下文中使用的值未被认定为
safe / trusted for use。
AngularJS的严格上下文转义(SCE)模式(由
默认启用),需要某些绑定上下文导致价值
,这是值得信赖的安全在这种情况下使用。 (例如,从一个URL加载
AngularJS模板需要该URL被认为是
safe才能加载资源。)
这有助于防止XSS和其他安全问题。请阅读 Strict
上下文转义(SCE)
您可能希望包含
ngSanitize模块以使用自动
消毒。
您必须包含 ngSanitize :
将它加载到 index.html :
< script src =lib / angular /角sanitize.min.js>< /脚本>
将它注入 app.js 的依赖项中:
angular.module('myApp',['...','ngSanitize']);
When I tried to show my data as a text-html, it displayed in HTML format but when I refreshed the page, I am getting this error:
[$sce:unsafe] Attempting to use an unsafe value in a safe context.
Here is my AngularJS code:
data.attributes.task_name = $sce.trustAsHtml(data.attributes.task_name);
HTML
<span ng-bind-html="taskdata.attributes.task_name" data-html="true" title="{{reminder.attributes.message}}"></span>
From the Angular documentation:
The value provided for use in a specific context was not found to be safe/trusted for use.
AngularJS's Strict Contextual Escaping (SCE) mode (enabled by default), requires bindings in certain contexts to result in a value that is trusted as safe for use in such a context. (e.g. loading an AngularJS template from a URL requires that the URL is one considered safe for loading resources.)
This helps prevent XSS and other security issues. Read more at Strict Contextual Escaping (SCE)
You may want to include the
ngSanitizemodule to use the automatic sanitizing.
You have to include ngSanitize:
Load it on index.html:
<script src="lib/angular/angular-sanitize.min.js"></script>
Inject it as a dependency in your app.js:
angular.module('myApp', ['...', 'ngSanitize']);
这篇关于AngularJS:如何解决“试图在安全的上下文中使用不安全的值”?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
