
I want to know the difference between ng-bind, ng-bind-html and ng-bind-html-unsafe.

Also, when I run the code below, I get the error shown after it:

Code:

```html
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>HTML Injection Security in AngularJS</title>

<script type="text/javascript" src="/js/angular.js"></script>

<script type="text/javascript">

angular.module("myApp", []).controller("myController",function($scope)
{
    $scope.getValue = function()
    {
        return "<b>Hello World</b>";
    };
});

</script>

</head>
<body>

<div ng-app="myApp" ng-controller="myController">
    <span ng-bind-html="getValue();"></span>
    <span>Normal Text</span>
</div>

</body>
</html>
```

Error:

```
Error: [$sce:unsafe] Attempting to use an unsafe value in a safe context.
http://errors.angularjs.org/1.3.11/$sce/unsafe
    at REGEX_STRING_REGEXP (https://www.angularapprj.com:4443/js/angular.js:63:12)
    at htmlSanitizer (https://www.angularapprj.com:4443/js/angular.js:15053:13)
    at getTrusted (https://www.angularapprj.com:4443/js/angular.js:15217:16)
    at Object.$get.sce.(anonymous function) [as getTrustedHtml] (https://www.angularapprj.com:4443/js/angular.js:15897:16)
    at Object.ngBindHtmlWatchAction [as fn] (https://www.angularapprj.com:4443/js/angular.js:20449:29)
    at Scope.$get.Scope.$digest (https://www.angularapprj.com:4443/js/angular.js:14230:29)
    at Scope.$get.Scope.$apply (https://www.angularapprj.com:4443/js/angular.js:14493:24)
    at bootstrapApply (https://www.angularapprj.com:4443/js/angular.js:1449:15)
    at Object.invoke (https://www.angularapprj.com:4443/js/angular.js:4182:17)
    at doBootstrap (https://www.angularapprj.com:4443/js/angular.js:1447:14)
```

What does it mean? I know using declarative code within imperative code is not good practice, though I was just trying `<b>Hello World</b>` in the ng-bind-html directive.

1 Answer


After searching, I found the information below at https://docs.angularjs.org/guide/migration#ngbindhtmlunsafe-has-been-removed-and-replaced-by-ngbindhtml: in Angular version 1.3 they have migrated from ng-bind-html-unsafe to ng-bind-html. One question remains, though: why am I getting the error mentioned in the post?

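What the error in the question means, as an added example that is not part of the original question or answer and is not AngularJS code: ng-bind writes a value as text, while ng-bind-html only inserts HTML that was either explicitly trusted with `$sce.trustAsHtml` or passed through the ngSanitize sanitizer, and throws `$sce:unsafe` when neither applies. `TrustedHtml`, `bindText`, `bindHtml` and `toySanitize` are hypothetical names for this model, and the sanitizer is a toy stand-in, not ngSanitize's algorithm.

```javascript
// Plain-JavaScript model (not AngularJS source) of how the two directives treat a value.

// Stand-in for the wrapper object that $sce.trustAsHtml returns.
class TrustedHtml {
  constructor(html) { this.html = html; }
}
const trustAsHtml = (html) => new TrustedHtml(html);

// ng-bind: the value is written as text, so markup is displayed literally.
function bindText(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Toy stand-in for the ngSanitize sanitizer (assumption: not its real algorithm).
// Escapes everything, then restores only attribute-free tags on a small allowlist.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong"]);
function toySanitize(html) {
  return bindText(html).replace(/&lt;(\/?)([a-z]+)&gt;/gi, (match, slash, tag) =>
    ALLOWED_TAGS.has(tag.toLowerCase()) ? `<${slash}${tag.toLowerCase()}>` : match);
}

// ng-bind-html: models the getTrustedHtml step visible in the stack trace.
// `sanitizer` is undefined when the ngSanitize module has not been loaded.
function bindHtml(value, sanitizer) {
  if (value instanceof TrustedHtml) return value.html; // explicitly trusted, inserted as-is
  if (typeof sanitizer === "function") return sanitizer(String(value)); // sanitized first
  throw new Error("[$sce:unsafe] Attempting to use an unsafe value in a safe context.");
}

// Constructed sample values.
const fromController = "<b>Hello World</b>";
const untrusted = "<b>ok</b><script>alert(1)</script>";

function demo() {
  let withoutSanitizer;
  try { withoutSanitizer = bindHtml(fromController); }
  catch (e) { withoutSanitizer = e.message; }
  return {
    ngBind: bindText(fromController),
    withoutSanitizer,
    withSanitizer: bindHtml(untrusted, toySanitize),
    trusted: bindHtml(trustAsHtml(fromController)),
  };
}

console.log(demo());
```

In a real AngularJS page the sanitizer branch corresponds to loading `angular-sanitize.js` and declaring `ngSanitize` as a module dependency, and the trusted branch to returning `$sce.trustAsHtml(...)` from the controller. The trusted branch skips sanitization entirely, so it is only appropriate for markup the application itself authored.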