ngSanitize.$sanitizeProvider.enableSvg()

enableSvg([regexp]);

Enables a subset of svg to be supported by the sanitizer.

By enabling this setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized svg elements could be positioned outside of the containing element and be rendered over other elements on the page (e.g. a login link). Such behavior can then result in phishing incidents.

To protect against these, explicitly setup overflow: hidden css rule for all potential svg tags within the sanitized content:


  .rootOfTheIncludedContent svg {
    overflow: hidden !important;
  }
  

Parameters

Param Type Details
regexp
(optional)
boolean

New regexp to whitelist urls with.

Returns

booleanng.$sanitizeProvider

Returns the currently configured value if called without an argument or self for chaining otherwise.

doc_AngularJS
2016-03-29 16:12:29
Comments
Leave a Comment

Please login to continue.