更新时间:2022-04-16 05:06:11
看看这里:http://docs.angularjs.org/api/ngSanitize/service/$sanitize
如果你想逃避使用 NG-绑定
,它会呈现不跨pretation这样的标签:
If you want escape use ng-bind
, it ll render the tag without interpretation like that :
你好< B>世界与LT; / B>
不喜欢你好全球!
你明白吗?所以NG-绑定是安全的,因为它不关心HTML标签。
Do you understand ? so ng-bind is safe because it doesn't care about HTML tags.
如果你希望你的HTML标记间preTED但安全只是用NG绑定,HTML!
If you want that your HTML tags be interpreted but safely just use ng-bind-html !
例如,如果你想显示此字符串:
For example if you want to display this string :
'Hello <b>World</b><input type="text" />'
结果将是:你好,全球,但没有输入,因为AngularJS编译器使用$消毒服务并检查HTML元素的白名单和iput无权
The result will be : Hello World but without the input because AngularJS compiler uses $sanitize service and check a whitelist of HTML elements and an iput is not authorized.
也许NG-绑定,HTML是你在找什么。
Maybe ng-bind-html is what you're looking for.
如果你只是想确保用户不能把html标签在你输入的只是使用指令NG-图案的投入!
If you just want be sure that the user can't put html tags in your input just use the directive ng-pattern on your inputs !
http://docs.angularjs.org/api/ng/directive/input
这需要一个正则表达式为不允许的字符在输入!
It takes a regex for allowed characters in your input !
希望它帮助!