- $sanitize
- provider in module ngSanitize
Creates and configures $sanitize
instance.
Methods
-
enableSvg([regexp]);
Enables a subset of svg to be supported by the sanitizer.
By enabling this setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized svg elements could be positioned outside of the containing element and be rendered over other elements on the page (e.g. a login link). Such behavior can then result in phishing incidents.
To protect against these, explicitly setup
overflow: hidden
css rule for all potential svg tags within the sanitized content:.rootOfTheIncludedContent svg { overflow: hidden !important; }
Parameters
Param Type Details regexp (optional)boolean
New regexp to whitelist urls with.
Returns
boolean
ng.$sanitizeProvider
Returns the currently configured value if called without an argument or self for chaining otherwise.
Please login to continue.