DomSanitizer通过清理在不同DOM上下文中安全使用的值,帮助防止跨站点脚本安全漏洞(XSS)
abstract sanitize(context: SecurityContext, value: SafeValue | string | null): string | null; abstract bypassSecurityTrustHtml(value: string): SafeHtml; abstract bypassSecurityTrustStyle(value: string): SafeStyle; abstract bypassSecurityTrustScript(value: string): SafeScript; abstract bypassSecurityTrustUrl(value: string): SafeUrl; abstract bypassSecurityTrustResourceUrl(value: string): SafeResourceUrl;
<iframe [src]="url"></iframe>
import { Component, OnInit, Input} from ‘@angular/core‘;
import { DomSanitizer } from ‘@angular/platform-browser‘; @Component({ selector: ‘app-iframe‘, templateUrl: ‘./iframe.component.html‘, styleUrls: [‘./iframe.component.less‘], }) export class IframeComponent implements OnInit{
src: any; constructor(private sanitizer: DomSanitizer) {}
this.src = this.sanitizer.bypassSecurityTrustResourceUrl(this.url);
}
原文:https://www.cnblogs.com/tingying/p/12027725.html