I used angular dom sanitizer to get html from a text area. It works perfectly for the first time after rendering the whole project, but the second time after revisit the component I got this message:
SafeValue must use [property]=binding: My text (see http://g.co/ng/security#xss).
I already pass the content with property binding using the inner-html property
const desc=this.sanitizer.bypassSecurityTrustHtml(this.ticket.description);
this.ticket.description = desc;
<p class="desc" [innerHTML]="ticket.description"></p>
I expected my plain text but i got that output described above.
you can bind directly like below:
<p class="desc" [innerHTML]="sanitizer.bypassSecurityTrustStyle(ticket.description)"></p>
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments