Login Register

ngSanitize.$sanitizeProvider

$sanitize
provider in module ngSanitize

Creates and configures $sanitize instance.

Methods

enableSvg([regexp]);
Enables a subset of svg to be supported by the sanitizer.
By enabling this setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized svg elements could be positioned outside of the containing element and be rendered over other elements on the page (e.g. a login link). Such behavior can then result in phishing incidents.

To protect against these, explicitly setup overflow: hidden css rule for all potential svg tags within the sanitized content:
```
  .rootOfTheIncludedContent svg {
    overflow: hidden !important;
  }
  
```
Parameters

Param Type Details
regexp
(optional)
boolean
New regexp to whitelist urls with.

Returns

booleanng.$sanitizeProvider
Returns the currently configured value if called without an argument or self for chaining otherwise.

Links:

https://docs.angularjs.org/api/ngSanitize/provider/$sanitizeProvider

doc_AngularJS

2016-03-29 16:12:28

Comments

Leave a Comment

Please login to continue.

Popular Articles

ngSanitize.$sanitizeProvider.enableSvg() enableSvg([regexp]); Enables a subset of svg to be supported by the sanitizer. By enabling this setting without taking other precautions, you might

ngSanitize Installation First include angular-sanitize.js in your HTML: <script src="angular.js"> <script src="angular-sanitize.js"> You can downloa

ngSanitize.provider Name Description $sanitizeProvider Creates and configures $sanitize instance.

ngSanitize.service Name Description $sanitize Sanitizes an html string by stripping all potentially dangerous tokens.

ngSanitize.linky filter in module ngSanitize Finds links in text input and turns them into html links. Supports http/https/ftp/mailto and plain email address lin