'纳克绑定-HTML不安全'不显示任何内容

时间:2017-07-10 07:27:29

标签: angularjs json object ng-bind-html ngsanitize

我在JSON中显示一个包含HTML代码的字符串。 请检查姓名'第二个对象中的属性。

然而,当我使用&ng; ng-bind-html-unsafe'它没有显示任何东西。

我也使用过ngSanitize。

请你帮我弄清楚我的代码有什么问题?



angular.module('myApp', ['ngSanitize']).controller('myCtrl', ['$scope', '$sce', function($scope, $sce){
  $scope.card = [{
    Name: "New Year Celebration",
    Description: "",
    Venue: "",
    StartDate: "Fri Dec 29 2017 23:30:00 GMT+0530",
    EndDate: "Sat Dec 30 2017 00:30:00 GMT+0530",
    EventID: "1"
  }, {
    Name: "<P>25th Anniversary Celebration</P>",
    Description: "25th Anniversary Celebration of organization",
    Venue: "Auditorium",
    StartDate: "Wed May 31 2017 17:30:00 GMT+0530",
    EndDate: "Wed May 31 2017 20:30:00 GMT+0530",
    EventID: "2"
  }, {
    Name: "Annual Day",
    Description: "",
    Venue: "",
    StartDate: "Fri Oct 13 2017 14:30:00 GMT+0530",
    EndDate: "Fri Oct 13 2017 17:30:00 GMT+0530",
    EventID: "3"
  }];
  
  $scope.trustAsHtml = function(html) {
	return $sce.trustAsHtml(html);
  }
  $scope.add = function(eventObj) {
  $scope.eventID= this.eventObj.EventID;
  $scope.startDate= this.eventObj.StartDate;
    $scope.endDate= this.eventObj.EndDate;
    $scope.venue= this.eventObj.Venue;
    $scope.subject= this.eventObj.Name;
    $scope.result= this.eventObj.Description;
  //console.log(this);
    $scope.icsMSG = "BEGIN:VCALENDAR\nVERSION:2.0\nBEGIN:VEVENT\nDTSTART:" + $scope.startDate +"\nDTEND:" + $scope.endDate +"\nLOCATION:" + $scope.venue + "\nSUMMARY:" + $scope.subject + "\nDESCRIPTION:"+ $scope.result +"\nEND:VEVENT\nEND:VCALENDAR";
	window.open("data:text/calendar;charset=utf8," + escape($scope.icsMSG),"_self");
  };
}]);

.event {
  height: 150px;
  width: 250px;
  border: 1px solid lightgrey;
  background-color: skyblue;
  margin: 10px;
}

<script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.6.5/angular.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular-sanitize/1.6.5/angular-sanitize.js"></script>

<div ng-app="myApp" ng-controller="myCtrl">
  <div ng-repeat="eventObj in card" class="event">
  Subject: <span ng-bind-html="trustAsHtml(eventObj.Name)"></span>
  <br /><br />	
  Venue:<span>{{eventObj.Venue}}</span>
  <br /><br />	
  Date:<span>{{eventObj.StartDate | date:'fullDate'}}</span>
  <br /><br />
  <button ng-click="add(eventObj.EventID)">Add to Outlook</button>
  </div>
</div>
&#13;
&#13;
&#13;

1 个答案:

答案 0 :(得分:1)

您使用的是Angular 1.6.x,很久以前就已弃用ng-bind-html-unsafe。您可以使用:ng-bind-html

<div ng-bind-html="eventObj.Name"></div>

注意:在控制器中,注入$sce

编辑1:      在控制器中添加此方法:

过滤器:

angular.module('myApp')
.filter('to_trusted', ['$sce', function($sce){
    return function(text) {
         var doc = new DOMParser().parseFromString(text, "text/html");
         var   rval= doc.documentElement.textContent;
        console.log(rval)
        return $sce.trustAsHtml(rval)
    };
}]);

HTML

<div ng-app="myApp" ng-controller="myCtrl">
  <div ng-repeat="eventObj in card" class="event">
  Subject: <span ng-bind-html="eventObj.Name|to_trusted"></span>
  <br /><br />  
  Venue:<span>{{eventObj.Venue}}</span>
  <br /><br />  
  Date:<span>{{eventObj.StartDate | date:'fullDate'}}</span>
  <br /><br />
  <button ng-click="add(eventObj.EventID)">Add to Outlook</button>
  </div>
</div>

工作演示:https://plnkr.co/edit/sFhaSJ2Ir9PYUObdtcnj?p=preview