Escaping HTML from the model

In HTML there are several special characters, such as <, >, &, and ". When using these characters, it is very important to let HTML know whether we want them treated as ordinary text or in their special capacity.

In AngularJS, if the data received from the model contains HTML elements, it should be escaped before it is inserted into the HTML template of the view. This is done to prevent HTML injection attacks.

Suppose we have an image tag like the one below:

<img src="photo.jpg" alt="Indonesian Phrase of the Day: "Selamat pagi"" />

The value of the alt attribute will be displayed in a weird format: the first quotation mark inside the alt value will be treated as the closing quote. To avoid this kind of problem, AngularJS provides ways to escape the HTML.

AngularJS provides the $sce service and the ng-bind-html directive for HTML escaping.
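
The quoting problem in the image tag above and its fix, as an added example in plain JavaScript (not code from the original post and not AngularJS's own implementation). The function names are hypothetical, the sample values are constructed, and readAttribute is a simplified model of how a parser reads a double-quoted attribute.

```javascript
// Characters with special meaning in HTML text and quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace each special character with its entity so it is read as plain text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Reverse of escapeHtml for the five entities above (what the browser does on display).
function decodeEntities(value) {
  return value.replace(/&(amp|lt|gt|quot|#39);/g, (m) =>
    Object.keys(HTML_ENTITIES).find((ch) => HTML_ENTITIES[ch] === m));
}

// Build the image tag from the post, with or without escaping its attribute values.
function buildImgTag(src, alt, escape) {
  const s = escape ? escapeHtml(src) : src;
  const a = escape ? escapeHtml(alt) : alt;
  return `<img src="${s}" alt="${a}" />`;
}

// Simplified parser model: a double-quoted attribute value ends at the
// first '"' that follows its opening quote.
function readAttribute(tag, name) {
  const start = tag.indexOf(` ${name}="`);
  if (start === -1) return null;
  const from = start + name.length + 3; // skip the space, the name and ="
  const end = tag.indexOf('"', from);
  return end === -1 ? null : decodeEntities(tag.slice(from, end));
}

// Constructed sample values based on the tag shown above.
const altText = 'Indonesian Phrase of the Day: "Selamat pagi"';
const broken = buildImgTag('photo.jpg', altText, false);
const fixed = buildImgTag('photo.jpg', altText, true);

console.log(readAttribute(broken, 'alt')); // value is cut at the first inner quote
console.log(readAttribute(fixed, 'alt'));  // full phrase, quotes included
console.log(escapeHtml('<b>from the model</b>')); // markup from the model shown as text
```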

For a nice read on HTML escaping in AngularJS, go to the link below.

About Blogger


Hey! I am Anil Singh. I am an active blogger, writer and programmer. I love learning new technologies, programming, blogging and participating in forum discussions.
