
How to undo bypassSecurityTrustHtml, i.e. convert SafeValue back to string

Question:

I am generating HTML and inserting it into my web page using

let data = '<font color=blue>hello world</font>';
this.safevalue = this.domSanitizer.bypassSecurityTrustHtml(data);

Elsewhere in my code I want to convert the safe value back into a string, so I tried this...

data = this.safevalue.toString();

but this sets data to a string like this...

'SafeValue must use [property]=binding: (see http://g.co/ng/security#xss)'

which is not helpful.

Answer1:

I don't know if you already found a fix for this, but, if you just want the original value, marked as safe:

var yourString = this.domSanitizer.sanitize(SecurityContext.HTML, data)

Answer2:

I've dug through the source code (https://github.com/angular/angular/blob/4.4.6/packages/platform-browser/src/security/dom_sanitization_service.ts#L18-L26) and it appears that it is not possible to get the original string from a SafeValue. So I guess I'll have to keep a parallel data array for all the unsafe values.
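
The parallel-data idea from Answer2 can live in one place as a registry keyed on the SafeValue object itself. This is an added example, not code from the thread or from Angular: `HtmlTruster`, `TrustedHtmlRegistry` and `fakeSanitizer` are hypothetical names, and it assumes a real application would pass its injected DomSanitizer where the stand-in is used here.

```typescript
// Hypothetical minimal shape of Angular's DomSanitizer, declared locally so
// the block runs without Angular installed.
interface HtmlTruster {
  bypassSecurityTrustHtml(value: string): object;
}

// Hypothetical helper: remembers the string behind every value it trusts.
// WeakMap keys are the SafeValue objects, so an entry disappears once the
// value itself is garbage collected.
class TrustedHtmlRegistry {
  private readonly originals = new WeakMap<object, string>();
  private readonly sanitizer: HtmlTruster;

  constructor(sanitizer: HtmlTruster) {
    this.sanitizer = sanitizer;
  }

  // Call this instead of bypassSecurityTrustHtml so the string is recorded.
  trust(html: string): object {
    const safe = this.sanitizer.bypassSecurityTrustHtml(html);
    this.originals.set(safe, html);
    return safe;
  }

  // Original string, or undefined if this registry did not create the value.
  original(safe: object): string | undefined {
    return this.originals.get(safe);
  }
}

// Constructed stand-in for DomSanitizer; its toString() copies the message
// quoted in the question.
const fakeSanitizer: HtmlTruster = {
  bypassSecurityTrustHtml(_html: string): object {
    return {
      toString: () =>
        'SafeValue must use [property]=binding: (see http://g.co/ng/security#xss)',
    };
  },
};

function demo(): { viaToString: string; viaRegistry: string | undefined; foreign: string | undefined } {
  const registry = new TrustedHtmlRegistry(fakeSanitizer);
  const safe = registry.trust('<font color=blue>hello world</font>');
  const untracked = fakeSanitizer.bypassSecurityTrustHtml('<b>x</b>');
  return { viaToString: safe.toString(), viaRegistry: registry.original(safe), foreign: registry.original(untracked) };
}
```

The recovered string is the same input that was exempted from sanitization, so it should be handled as untrusted wherever it is reused outside the template binding.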
