enabled([value]); Enables/disables SCE and returns the current value. Parameters Param Type Details value (optional) boolean If provided, then enables/disables SCE. Returns boolean true if SCE is enabled, false otherwise.

$sceDelegate provider in module ng The $sceDelegateProvider provider allows developers to configure the $sceDelegate service. This allows one to get/set the whitelists and blacklists used to ensure that the URLs used for sourcing Angular templates are safe. Refer $sceDelegateProvider.resourceUrlWhitelist and $sceDelegateProvider.resourceUrlBlacklist For the general details about this service in Angular, read the main page for Strict Contextual Escaping (SCE). Example: Consider the follow

$sce provider in module ng The $sceProvider provider allows developers to configure the $sce service. enable/disable Strict Contextual Escaping (SCE) in a module override the default implementation with a custom delegate Read more about Strict Contextual Escaping (SCE). Methods enabled([value]); Enables/disables SCE and returns the current value. Parameters Param Type Details value (optional) boolean If provided, then enables/disables SCE. Returns boolean true if SCE is enabl

resourceUrlBlacklist([blacklist]); Sets/Gets the blacklist of trusted resource URLs. Parameters Param Type Details blacklist (optional) Array When provided, replaces the resourceUrlBlacklist with the value provided. This must be an array or null. A snapshot of this array is used so further changes to the array are ignored. Follow this link for a description of the items allowed in this array. The typical usage for the blacklist is to block open redirects served by your domain as these

service in module ng The first time a template is used, it is loaded in the template cache for quick retrieval. You can load templates directly into the cache in a script tag, or by consuming the $templateCache service directly. Adding via the script tag: <script type="text/ng-template" id="templateId.html"> <p>This is the content of the template</p> </script> Note: the script tag containing the template does not need to be included in the head of the document, b

resourceUrlWhitelist([whitelist]); Sets/Gets the whitelist of trusted resource URLs. Parameters Param Type Details whitelist (optional) Array When provided, replaces the resourceUrlWhitelist with the value provided. This must be an array or null. A snapshot of this array is used so further changes to the array are ignored. Follow this link for a description of the items allowed in this array. Note: an empty whitelist array will block all URLs! Returns Array the currently set white

trustAs(type, value); Returns an object that is trusted by angular for use in specified strict contextual escaping contexts (such as ng-bind-html, ng-include, any src attribute interpolation, any dom event binding attribute interpolation such as for onclick, etc.) that uses the provided value. See $sce for enabling strict contextual escaping. Parameters Param Type Details type string The kind of context in which this value is safe for use. e.g. url, resourceUrl, html, js and css. value

$sceDelegateProvider service in module ng $sceDelegate is a service that is used by the $sce service to provide Strict Contextual Escaping (SCE) services to AngularJS. Typically, you would configure or override the $sceDelegate instead of the $sce service to customize the way Strict Contextual Escaping works in AngularJS. This is because, while the $sce provides numerous shorthand methods, etc., you really only need to override 3 core functions (trustAs, getTrusted and valueOf) to replac

getTrusted(type, maybeTrusted); Takes the result of a $sceDelegate.trustAs call and returns the originally supplied value if the queried context type is a supertype of the created type. If this condition isn't satisfied, throws an exception. Disabling auto-escaping is extremely dangerous, it usually creates a Cross Site Scripting (XSS) vulnerability in your application. Parameters Param Type Details type string The kind of context in which this value is to be used. maybeTrusted *

valueOf(value); If the passed parameter had been returned by a prior call to $sceDelegate.trustAs, returns the value that had been passed to $sceDelegate.trustAs. If the passed parameter is not a value that had been returned by $sceDelegate.trustAs, returns it as-is. Parameters Param Type Details value * The result of a prior $sceDelegate.trustAs call or anything else. Returns * The value that was originally provided to $sceDelegate.trustAs if value is the result of such a call. Othe