I am generating html, and inserting it into my web page using
let data = '<font color=blue>hello world</font>'; this.safevalue = this.domSanitizer.bypassSecurityTrustHtml(data);
Elsewhere in my code I want to convert the safe value back into a string, so I tried this...
data = this.safevalue.toString();
but this sets data to a string like this...
'SafeValue must use [property]=binding: (see http://g.co/ng/security#xss)'
which is not helpfulAnswer1:
I don't know if you already found a fix for this, but, if you just want the original value, marked as safe:
var yourString = this.domSanitizer.sanitize(SecurityContext.HTML, data)Answer2:
I've dug through the <a href="https://github.com/angular/angular/blob/4.4.6/packages/platform-browser/src/security/dom_sanitization_service.ts#L18-L26" rel="nofollow">source code</a> and it appears that it is <strong><em>not possible</em></strong> to get the original string from a
SafeValue. So I guess I'll have to keep parallel data array for all the unsafe values.