I have an Ionic app in which I preview images in base64 using `[src]="sanitizer.bypassSecurityTrustUrl(myBase64Photo)"`. It is necessary there for the preview because I had a warning, but I'm not sure if it is necessary after the image is stored in Firebase and I retrieve it and load it. The thing is that if I do: , in the network I see multiple calls to Firebase even if I click anywhere in my home page where these images are loaded (BUT EVEN IF I DON'T CLICK THEM). So I exceed the quota if I keep the bypass there. Thanks in advance
-1
-
The reloading of your image is due to how you obtain the `myBase64Photo`. You are probably not doing this in the correct way, causing it to reload with every change detection cycle. Also how you defined the `src` in your code right now, will cause it to run the `sanitizer.bypassSecurityTrustUrl` with every change detection – Poul Kruijt Jun 02 '20 at 11:10
1 Answer
0
Whenever you are using dynamic link binding like so:
<a href="{{ some_dynamic_link }}">
Regardless of where the resource is located, you will see the warning unless you sanitize the URL. This is built in to prevent XSS-type attacks, where attackers explore HTML code and are able to inject malicious code into the DOM. An attacker can potentially change the URL resource to a script resource so it can collect data from our app or perform any other malicious act that they desire. Angular by default will block unsafe URLs (dynamic URLs) – protecting you from making unaware mistakes.
Best practice for sanitization is to perform it within so-called pure pipes; then resource requests can be cached and you won't see excessive requests.

Sergey Rudenko
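The pure-pipe approach recommended in the answer, as an added example (not code from the question, the comment or the answer). `StubSanitizer`, `SafeImagePipe`, `PurePipeBinding` and `countBypassCalls` are hypothetical names; the stub stands in for Angular's `DomSanitizer` and the binding class simulates pure-pipe behaviour so the file runs without Angular. The allow-list regex is an addition that limits the bypass to base64 raster images.

```typescript
// Stand-ins so this file runs without Angular (assumptions, not Angular's own classes).
// In an app: inject DomSanitizer and add @Pipe({ name: 'safeImage' }); pipes are pure by default.
type TrustedUrl = { value: string };
class StubSanitizer {
  calls = 0;
  // Like bypassSecurityTrustUrl, hands back a fresh wrapper object on every call.
  bypassSecurityTrustUrl(value: string): TrustedUrl {
    this.calls++;
    return { value };
  }
}

// Allow-list added for this example: only base64 raster images get the bypass.
const BASE64_IMAGE = /^data:image\/(png|jpeg|gif|webp);base64,[A-Za-z0-9+\/]+=*$/;
const SAMPLE_PHOTO = "data:image/png;base64,iVBORw0KGgo="; // constructed sample value

class SafeImagePipe {
  sanitizer: StubSanitizer;
  constructor(sanitizer: StubSanitizer) { this.sanitizer = sanitizer; }
  transform(value: string): TrustedUrl | null {
    return BASE64_IMAGE.test(value) ? this.sanitizer.bypassSecurityTrustUrl(value) : null;
  }
}

// Simulates a pure-pipe binding: transform() re-runs only when the input changes.
class PurePipeBinding {
  pipe: SafeImagePipe;
  lastInput: string | undefined = undefined;
  lastOutput: TrustedUrl | null = null;
  constructor(pipe: SafeImagePipe) { this.pipe = pipe; }
  evaluate(input: string): TrustedUrl | null {
    if (input !== this.lastInput) {
      this.lastInput = input;
      this.lastOutput = this.pipe.transform(input);
    }
    return this.lastOutput;
  }
}

// Runs `cycles` change-detection passes and returns how often the bypass was invoked.
function countBypassCalls(usePurePipe: boolean, photo: string, cycles: number): number {
  const sanitizer = new StubSanitizer();
  const binding = new PurePipeBinding(new SafeImagePipe(sanitizer));
  for (let i = 0; i < cycles; i++) {
    if (usePurePipe) binding.evaluate(photo);     // [src]="photo | safeImage"
    else sanitizer.bypassSecurityTrustUrl(photo); // [src]="sanitizer.bypassSecurityTrustUrl(photo)"
  }
  return sanitizer.calls;
}
```

With the method call bound directly in the template, the bypass runs once per change-detection pass; behind the pure pipe it runs once per distinct input value.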