Questions tagged [ng-bind-html]

ngBindHtml creates a binding that will innerHTML the result of evaluating the expression into the current element in a secure way.

ngBindHtml creates a binding that will innerHTML the result of evaluating the expression into the current element in a secure way. By default, the innerHTML-ed content will be sanitized using the $sanitize service. To utilize this functionality, ensure that $sanitize is available, for example, by including ngSanitize in your module's dependencies (not in core Angular). In order to use ngSanitize in your module's dependencies, you need to include "angular-sanitize.js" in your application.

You may also bypass sanitization for values you know are safe. To do so, bind to an explicitly trusted value via $sce.trustAsHtml. See the example under Strict Contextual Escaping (SCE).

Note: If a $sanitize service is unavailable and the bound value isn't explicitly trusted, you will have an exception (instead of an exploit.)

Usage
as attribute:

<ANY
  ng-bind-html="">
...
</ANY>

Example

<div ng-controller="ExampleController">
 <p ng-bind-html="myHTML"></p>
</div>

Resources

AngularJS ng-bind-html Directive API Reference

242 questions

votes

1 answer

Using ng-bind-html and $sce.trustAsHtml create a string with ng-model binding

I want to create dynamically forms. Inside my controller i create a string var str = ""; $scope.htmlString = $sce.trustAsHtml(str); and in my html page

angularjs ng-bind-html

asked Oct 13 '16 at 14:53

GomuGomuNoRocket

votes

3 answers

Angular bind object element to HTML

I got the code from another question and it's straightforward and working fine

(function(angular) { 'use strict'; angular.module('bindHtmlExample', ['ngSanitize']) …

javascript html angularjs ng-bind-html ng-bind

asked Sep 08 '16 at 02:46

marukobotto

votes

3 answers

ng-bind-html and ng-controller

I'm injecting insecure html into some

, like this:

this html has angularjs "code" ($scope.content is loaded with something like this):