我正在编写一个涉及设置iframe
src
属性的教程:
<iframe width="100%" height="300" src="{{video.url}}"></iframe>
这引发了一个异常:
Error: unsafe value used in a resource URL context
at DomSanitizationServiceImpl.sanitize...
我已经try 过使用[src]
个绑定,但没有成功.
我正在编写一个涉及设置iframe
src
属性的教程:
<iframe width="100%" height="300" src="{{video.url}}"></iframe>
这引发了一个异常:
Error: unsafe value used in a resource URL context
at DomSanitizationServiceImpl.sanitize...
我已经try 过使用[src]
个绑定,但没有成功.
Update v8个
下面的答案是有效的,但只有exposes your application to XSS security risks!个.
不使用this.sanitizer.bypassSecurityTrustResourceUrl(url)
,建议使用this.sanitizer.sanitize(SecurityContext.URL, url)
Update
对于RC.6^版本,请使用DomSanitizer
100
一个很好的 Select 是使用纯管道:
import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer} from '@angular/platform-browser';
@Pipe({ name: 'safe' })
export class SafePipe implements PipeTransform {
constructor(private sanitizer: DomSanitizer) {}
transform(url) {
return this.sanitizer.bypassSecurityTrustResourceUrl(url);
}
}
记住将新的SafePipe
添加到AppModule的declarations
数组中.(as seen on documentation)
@NgModule({
declarations : [
...
SafePipe
],
})
html
<iframe width="100%" height="300" [src]="url | safe"></iframe>
100
如果您使用embed
标签,这可能会让您感兴趣:
Old version RC.5个
你可以像这样利用DomSanitizationService
:
export class YourComponent {
url: SafeResourceUrl;
constructor(sanitizer: DomSanitizationService) {
this.url = sanitizer.bypassSecurityTrustResourceUrl('your url');
}
}
然后在模板中绑定到url
:
<iframe width="100%" height="300" [src]="url"></iframe>
不要忘记添加以下导入:
import { SafeResourceUrl, DomSanitizationService } from '@angular/platform-browser';
100