Escaping HTML from the model


In HTML there are many special characters, such as <, >, &, and ". When using these characters, it is very important to let HTML know whether we want to use them normally or in their special capacity.

In AngularJS, if the data received from the model contains HTML elements, it should be escaped before being inserted into the HTML template for the view. This is done to prevent HTML injection attacks.

Suppose we have an image tag like below

<img src="photo.jpg" alt="Indonesian Phrase of the Day: "Selamat pagi"" />

The value of the alt attribute will be displayed in a weird format: the first quotation mark inside the alt value will be treated as the closing quote. To avoid this kind of problem, AngularJS provides some directives to escape the HTML.

AngularJS provides the $sce service and the ng-bind-html directive for HTML escaping.
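What escaping does to the image tag above, as an added example that is not part of the original post: plain JavaScript with no AngularJS dependency. The function names are hypothetical, and readAttribute is a deliberately simplified model of how an HTML parser reads a double-quoted attribute.

```javascript
// Added example: entity-escape model data before placing it in markup.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that are special in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reverse of escapeHtml, used only to show what the browser would display.
function unescapeHtml(value) {
  return value.replace(/&(amp|lt|gt|quot|#39);/g, (m) =>
    Object.keys(ENTITIES).find((ch) => ENTITIES[ch] === m));
}

// Simplified parser model (assumption): a double-quoted attribute value
// ends at the first '"' that follows its opening quote.
function readAttribute(tag, name) {
  const start = tag.indexOf(name + '="');
  if (start === -1) return null;
  const from = start + name.length + 2;
  const end = tag.indexOf('"', from);
  if (end === -1) return null;
  return unescapeHtml(tag.slice(from, end));
}

// Build the <img> tag from model data, with or without escaping.
function imgTag(src, alt, escape) {
  const enc = escape ? escapeHtml : (v) => v;
  return '<img src="' + enc(src) + '" alt="' + enc(alt) + '" />';
}

// The alt text from the example above, as it would arrive from the model.
const alt = 'Indonesian Phrase of the Day: "Selamat pagi"';
const raw = imgTag('photo.jpg', alt, false);   // the broken tag shown above
const safe = imgTag('photo.jpg', alt, true);   // quotes become &quot;

console.log(raw, '->', JSON.stringify(readAttribute(raw, 'alt')));
console.log(safe, '->', JSON.stringify(readAttribute(safe, 'alt')));
```

The unescaped tag loses everything after the first inner quote, while the escaped tag round-trips the full phrase.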

For a nice read on HTML escaping in AngularJS, go to the link below.




About Blogger

ANIL SINGH
