javascript - Angular ng-bind-html - prevent execution of JS code -

-

i have problem ng-bind-html directive.

i email html data external services (not trusted), may happen receive <script> tag inside message body. don't want execute js code on page. using ng-bind-html directive this.

i created example , problem alert() function executed. how deny this?

var app = angular.module('myapp', ['ngsanitize']);    app.controller('mainctrl', function ($sce, $scope) {      $scope.text = " <script>alert(222)</script> <script>alert(222)</script>";  });
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.23/angular.min.js"></script>  <div ng-app="myapp" ng-controller="mainctrl">      <div ng-bind-html="text"></div>  </div>

https://jsfiddle.net/suvroc/0c0ee472/8/

since have referenced old version of angularjs, prevented getting proper errors, difficult interpret. tried in similar fashion , found out errors, showed there problem text has been bind containing <script>.

actually, when 1 terminates script tag, -> </script>, compiler generates error, showing invalid.

this has happened me while working project, where, developers deliberately removed </script> prevent run-time errors. otherwise whole code breaks.

i don't know actual reason behind it, has done trick in past.

so in code demo, script doesn't runs itself; case, removing or preventing ending/closing of script tag, might trick.

meanwhile, can have code below:

html:

<div ng-app="app" ng-controller="test">   run time binding of html   <div ng-bind-html="text"></div> </div>

js:

var app = angular.module('app', []);  app.controller('test', function($scope, $sce, $timeout) {   $scope.bindhtml = "<script>alert(123);";   $scope.text = $sce.trustashtml($scope.bindhtml); });

Comments

Post a Comment

Popular posts from this blog

java - Run spring boot application error: Cannot instantiate interface org.springframework.context.ApplicationListener -

-
i have spring project , try make use spring boot , run @ embadded tomcat following : https://spring.io/guides/gs/rest-service/ this application //@configuration //@enableaspectjautoproxy @springbootapplication @componentscan(basepackages = "gux.prome") public class application { public static void main(string[] args) { springapplication.run(application.class, args); } } if use maven command: mvn spring-boot:run , project starts fine, need debug , run main method @ intelij, exception occurs: exception in thread "main" java.lang.illegalargumentexception: cannot instantiate interface org.springframework.context.applicationlistener : org.springframework.boot.logging.classpathloggingapplicationlistener @ org.springframework.boot.springapplication.createspringfactoriesinstances(springapplication.java:414) @ org.springframework.boot.springapplication.getspringfactoriesinstances(springapplication.java:394) @ org.springframework.bo...
Read more

reactjs - React router and this.props.children - how to pass state to this.props.children -

-
i'm using react-router first time , don't know how think in yet. here's how i'm loading components in nested routes. entry point .js reactdom.render( <router history={hashhistory} > <route path="/" component={app}> <route path="models" component={content}> </route> </router>, document.getelementbyid('app') ); app.js render: function() { return ( <div> <header /> {this.props.children} </div> ); } so child of app content component sent in. i'm using flux , app.js has state , listens changes, don't know how pass state down this.props.children. before using react-router app.js defines children explicitly, passing state natural don't see how now. using couple of react helper methods can add state, props , whatever else this.props.children render: function() { var children = react.ch...
Read more

Excel VBA "Microsoft Windows Common Controls 6.0 (SP6)" Location Changes -

-
i have excel workbook used generate quotations customers. there main page user inputs data, , there buttons generate various pdfs , send them customer. however, 1 user consistently getting error preventing generating , sending pdfs. i beleive "microsoft windows common controls 6.0 (sp6)". it's installed on users' computers. on mine, location "c:\windows\syswow64\mscomctl.ocx" on others "c:\windows\system32\mscomctl.ocx" the user experiencing issues on 32-bit machine, "mscomctl.ocx" file should in system32. have manually put in there, , pointed common controls reference in vba it. issue seems keep reverting looking in syswow64. since folder doesn't exist, can't find it, , can't produce pdfs. i thought perhaps issue user running older version of office (2007) there users on 2013 , 2016. thought perhaps mixture of 64-bit , 32-bit users. user gets sent workbook other users (as quotation process goes further, gets passed ...
Read more