DomSanitizer change attributes to lower case on bypassSecurityTrustHtml

Question

I have a pipe that uses DomSanitizer to bypass HTML. It's bypassing it. But, it converts all attributes inside the element to lower case. The pipe looks like this:

    @Pipe({
        name: 'innerHTML'
    })
    export class InnerHTMLPipe implements PipeTransform {

        constructor(private _sanitizer: DomSanitizer) { }

        transform(value: any, args?: any): SafeHtml {
            return this._sanitizer.bypassSecurityTrustHtml(value ? value : '');
        }
    }

The component that generates the string looks like this:

    <div [innerHTML]="getProgress(data) | innerHTML"></div>

    return `<span
        matTooltipPosition="above"
        matTooltip="blablabla">hello</span>`;

But the output ends up like this:

    <div>
        <span mattooltipposition="above" mattooltip="blablabla">hello</span>
    </div>

How do I prevent DomSanitizer from changing the attributes and keep the attributes intact?

I think angular will not allow to intialize mattooltipposition directive using domsanitizer. — Chellappan வ, Nov 27 '19 at 16:08

score 1 · Answer 1 · answered Nov 27 '19 at 16:14

Firstly, it doesn't do that, all bypassSecurityTrustHtml does is store your string in a class property: https://github.com/angular/angular/blob/bbeac0727b8f267a47aba1ff1bcfc8cc5ca15b61/packages/platform-browser/src/security/dom_sanitization_service.ts#L204

Secondly, you cannot get Angular directives to work simply by adding them to DOM manually.

Thirdly, html is case-insensitive so it wouldn't matter in theory: Is HTML case sensitive?

DomSanitizer change attributes to lower case on bypassSecurityTrustHtml

1 Answers1