AngularJS API Reference
auto
auto/service
auto/service/$injector
auto/service/$provide
ng
ng/directive
ng/directive/a
ng/directive/form
ng/directive/input
ng/directive/input[checkbox]
ng/directive/input[date]
ng/directive/input[dateTimeLocal]
ng/directive/input[email]
ng/directive/input[month]
ng/directive/input[number]
ng/directive/input[radio]
ng/directive/input[text]
ng/directive/input[time]
ng/directive/input[url]
ng/directive/input[week]
ng/directive/ngApp
ng/directive/ngBind
ng/directive/ngBindHtml
ng/directive/ngBindTemplate
ng/directive/ngBlur
ng/directive/ngChange
ng/directive/ngChecked
ng/directive/ngClass
ng/directive/ngClassEven
ng/directive/ngClassOdd
ng/directive/ngClick
ng/directive/ngCloak
ng/directive/ngController
ng/directive/ngCopy
ng/directive/ngCsp
ng/directive/ngCut
ng/directive/ngDblclick
ng/directive/ngDisabled
ng/directive/ngFocus
ng/directive/ngForm
ng/directive/ngHide
ng/directive/ngHref
ng/directive/ngIf
ng/directive/ngInclude
ng/directive/ngInit
ng/directive/ngKeydown
ng/directive/ngKeypress
ng/directive/ngKeyup
ng/directive/ngList
ng/directive/ngModel
ng/directive/ngModelOptions
ng/directive/ngMousedown
ng/directive/ngMouseenter
ng/directive/ngMouseleave
ng/directive/ngMousemove
ng/directive/ngMouseover
ng/directive/ngMouseup
ng/directive/ngNonBindable
ng/directive/ngOpen
ng/directive/ngPaste
ng/directive/ngPluralize
ng/directive/ngReadonly
ng/directive/ngRepeat
ng/directive/ngSelected
ng/directive/ngShow
ng/directive/ngSrc
ng/directive/ngSrcset
ng/directive/ngStyle
ng/directive/ngSubmit
ng/directive/ngSwitch
ng/directive/ngTransclude
ng/directive/ngValue
ng/directive/script
ng/directive/select
ng/directive/textarea
ng/filter
ng/filter/currency
ng/filter/date
ng/filter/filter
ng/filter/json
ng/filter/limitTo
ng/filter/lowercase
ng/filter/number
ng/filter/orderBy
ng/filter/uppercase
ng/function
ng/function/angular.bind
ng/function/angular.bootstrap
ng/function/angular.copy
ng/function/angular.element
ng/function/angular.equals
ng/function/angular.extend
ng/function/angular.forEach
ng/function/angular.fromJson
ng/function/angular.identity
ng/function/angular.injector
ng/function/angular.isArray
ng/function/angular.isDate
ng/function/angular.isDefined
ng/function/angular.isElement
ng/function/angular.isFunction
ng/function/angular.isNumber
ng/function/angular.isObject
ng/function/angular.isString
ng/function/angular.isUndefined
ng/function/angular.lowercase
ng/function/angular.module
ng/function/angular.noop
ng/function/angular.toJson
ng/function/angular.uppercase
ng/object
ng/object/angular.version
ng/provider
ng/provider/$animateProvider
ng/provider/$compileProvider
ng/provider/$controllerProvider
ng/provider/$filterProvider
ng/provider/$httpProvider
ng/provider/$interpolateProvider
ng/provider/$locationProvider
ng/provider/$logProvider
ng/provider/$parseProvider
ng/provider/$rootScopeProvider
ng/provider/$sceDelegateProvider
ng/provider/$sceProvider
ng/service
ng/service/$anchorScroll
ng/service/$animate
ng/service/$cacheFactory
ng/service/$compile
ng/service/$controller
ng/service/$document
ng/service/$exceptionHandler
ng/service/$filter
ng/service/$http
ng/service/$httpBackend
ng/service/$interpolate
ng/service/$interval
ng/service/$locale
ng/service/$location
ng/service/$log
ng/service/$parse
ng/service/$q
ng/service/$rootElement
ng/service/$rootScope
ng/service/$sce
ng/service/$sceDelegate
ng/service/$templateCache
ng/service/$timeout
ng/service/$window
ng/type
ng/type/$cacheFactory.Cache
ng/type/$compile.directive.Attributes
ng/type/$rootScope.Scope
ng/type/angular.Module
ng/type/form.FormController
ng/type/ngModel.NgModelController
ngAnimate
ngAnimate/provider
ngAnimate/provider/$animateProvider
ngAnimate/service
ngAnimate/service/$animate
ngCookies
ngCookies/service
ngCookies/service/$cookies
ngCookies/service/$cookieStore
ngMessages
ngMessages/directive
ngMessages/directive/ngMessage
ngMessages/directive/ngMessages
ngMock
ngMock/function
ngMock/function/angular.mock.dump
ngMock/function/angular.mock.inject
ngMock/function/angular.mock.module
ngMock/object
ngMock/object/angular.mock
ngMock/provider
ngMock/provider/$exceptionHandlerProvider
ngMock/service
ngMock/service/$exceptionHandler
ngMock/service/$httpBackend
ngMock/service/$interval
ngMock/service/$log
ngMock/service/$timeout
ngMock/type
ngMock/type/angular.mock.TzDate
ngMockE2E
ngMockE2E/service
ngMockE2E/service/$httpBackend
ngResource
ngResource/service
ngResource/service/$resource
ngRoute
ngRoute/directive
ngRoute/directive/ngView
ngRoute/provider
ngRoute/provider/$routeProvider
ngRoute/service
ngRoute/service/$route
ngRoute/service/$routeParams
ngSanitize
ngSanitize/filter
ngSanitize/filter/linky
ngSanitize/service
ngSanitize/service/$sanitize
ngTouch
ngTouch/directive
ngTouch/directive/ngClick
ngTouch/directive/ngSwipeLeft
ngTouch/directive/ngSwipeRight
ngTouch/service
ngTouch/service/$swipe
©
本文档使用 PHP中文网手册 发布
文字
AngularJS: API: ngSanitize/service/$sanitize
$sanitize
- - service in module ngSanitize
The input is sanitized by parsing the html into tokens. All safe tokens (from a whitelist) are then serialized back to properly escaped html string. This means that no unsafe input can make it into the returned string, however, since our parser is more strict than a typical browser parser, it's possible that some obscure input, which would be recognized as valid HTML by a browser, won't make it through the sanitizer. The whitelist is configured using the functions aHrefSanitizationWhitelist and imgSrcSanitizationWhitelist of $compileProvider.
用法
$sanitize(html);
参数
| 参数 | 类型 | 详述 |
|---|---|---|
| html | string | Html input. |
返回值
| string | Sanitized html. |
示例
index.html
<script>
angular.module('sanitizeExample', ['ngSanitize'])
.controller('ExampleController', ['$scope', '$sce', Function($scope, $sce) {
$scope.snippet =
'<p style="color:blue">an html\n' +
'<em onmouseover="this.textContent=\'PWN3D!\'">click here</em>\n' +
'snippet</p>';
$scope.deliberatelyTrustDangerousSnippet = Function() {
return $sce.trustAsHtml($scope.snippet);
};
}]);</script><div ng-controller="ExampleController">
Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
<table>
<tr>
<td>Directive</td>
<td>How</td>
<td>Source</td>
<td>Rendered</td>
</tr>
<tr id="bind-html-with-sanitize">
<td>ng-bind-html</td>
<td>Automatically uses $sanitize</td>
<td><pre><div ng-bind-html="snippet"><br/></div></pre></td>
<td><div ng-bind-html="snippet"></div></td>
</tr>
<tr id="bind-html-with-trust">
<td>ng-bind-html</td>
<td>Bypass $sanitize by explicitly trusting the dangerous value</td>
<td>
<pre><div ng-bind-html="deliberatelyTrustDangerousSnippet()"></div></pre>
</td>
<td><div ng-bind-html="deliberatelyTrustDangerousSnippet()"></div></td>
</tr>
<tr id="bind-default">
<td>ng-bind</td>
<td>Automatically escapes</td>
<td><pre><div ng-bind="snippet"><br/></div></pre></td>
<td><div ng-bind="snippet"></div></td>
</tr>
</table>
</div>protractor.js
it('should sanitize the html snippet by default', Function() {
expect(element(by.css('#bind-html-with-sanitize div')).getInnerHtml()).
toBe('<p>an html\n<em>click here</em>\nsnippet</p>');});
it('should inline raw snippet if bound to a trusted value', Function() {
expect(element(by.css('#bind-html-with-trust div')).getInnerHtml()).
toBe("<p style=\"color:blue\">an html\n" +
"<em onmouseover=\"this.textContent='PWN3D!'\">click here</em>\n" +
"snippet</p>");});
it('should escape snippet without any filter', Function() {
expect(element(by.css('#bind-default div')).getInnerHtml()).
toBe("<p style=\"color:blue\">an html\n" +
"<em onmouseover=\"this.textContent='PWN3D!'\">click here</em>\n" +
"snippet</p>");});
it('should update', Function() {
element(by.model('snippet')).clear();
element(by.model('snippet')).sendKeys('new <b onclick="alert(1)">text</b>');
expect(element(by.css('#bind-html-with-sanitize div')).getInnerHtml()).
toBe('new <b>text</b>');
expect(element(by.css('#bind-html-with-trust div')).getInnerHtml()).toBe(
'new <b onclick="alert(1)">text</b>');
expect(element(by.css('#bind-default div')).getInnerHtml()).toBe(
"new <b onclick=\"alert(1)\">text</b>");});