Javascript: What is the purpose of angular-sanitize?
Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow
Original URL: http://stackoverflow.com/questions/33209938/
What is the purpose of angular-sanitize?
Asked by Alexander Solonik
I was just going through the examples for an angular and openlayers directive HERE and came across the following example:
<!DOCTYPE html>
<html ng-app="demoapp">
  <head>
    <script src="../bower_components/openlayers3/build/ol.js"></script>
    <script src="../bower_components/angular/angular.min.js"></script>
    <script src="../bower_components/angular-sanitize/angular-sanitize.min.js"></script>
    <script src="../dist/angular-openlayers-directive.js"></script>
    <link rel="stylesheet" href="../bower_components/openlayers3/build/ol.css" />
    <script>
      var app = angular.module('demoapp', ['openlayers-directive']);
      app.controller('DemoController', [ '$scope', function($scope) {
        angular.extend($scope, {
          center: {
            lat: 0,
            lon: 0,
            autodiscover: true
          }
        });
      }]);
    </script>
  </head>
  <body ng-controller="DemoController">
    <openlayers ol-center="center" height="400px"></openlayers>
    <h1>Center autodiscover example</h1>
    <form>
      Latitude : <input type="number" step="any" ng-model="center.lat" />
      Longitude : <input type="number" step="any" ng-model="center.lon" />
      Zoom : <input type="number" step="any" ng-model="center.zoom" />
      <button ng-click="center.autodiscover=true">Discover position</button>
    </form>
  </body>
</html>
The example can be seen as a live example HERE.
My question is about the files being loaded; I don't quite understand why the below script is being loaded:
<script src="../bower_components/angular-sanitize/angular-sanitize.min.js"></script>
What is the purpose of the above script?
EDIT: I found the git repo and the docs here for this module in angular HERE, but I still don't understand the purpose of this script; the documentation doesn't even have a single example.
I have coded in jQuery a fair bit, so can somebody explain this in jQuery terms?
Answered by Alex
If you include the angular-sanitize script, inputs are sanitized by parsing the HTML into tokens. All safe tokens (from a whitelist) are then serialized back to properly escaped html string. This means that no unsafe input can make it into the returned string.
I have included a small example below inspired by this blog post. If you run this script with var app = angular.module("app", ["ngSanitize"]); the html links are rendered correctly. However, if you comment this statement out and uncomment var app = angular.module("app", []); the following error message is raised: Error: [$sce:unsafe] Attempting to use an unsafe value in a safe context.
<!DOCTYPE html>
<html>
  <head>
    <link rel="icon" type="image/x-icon" href="favicon.ico">
    <script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.1/angular.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.1/angular-sanitize.min.js"></script>
    <!-- BEGIN disable refresh -->
    <script type="text/javascript">
      //Including ngSanitize ensures html links get properly sanitized
      var app = angular.module("app", ["ngSanitize"]);
      //If you use this code instead no html links get displayed
      //var app = angular.module("app", []);
      app.controller("mainController", function($scope) {
        var main = this;
        main.links = [
          "<a href='http://google.com'>Google</a>",
          "<a href='http://odetocode.com'>OdeToCode</a>",
          "<a href='http://twitter.com'>Twitter</a>"
        ];
      });
    </script>
  </head>
  <body ng-app="app">
    <section ng-controller="mainController as main">
      <nav>
        <ul>
          <li ng-repeat="link in main.links" ng-bind-html="link">
          </li>
        </ul>
      </nav>
    </section>
  </body>
</html>
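The tokenize, allowlist and re-serialize flow that the answer above describes, shown as an added plain-JavaScript example that is not part of the original answer and is not angular-sanitize's own code. The regex tokenizer, the tag and attribute allowlists, the URL-scheme rule and the sample inputs are all assumptions made for this example.

```javascript
// Added illustration, not angular-sanitize's code. The allowlists are assumptions.
const ALLOWED_TAGS = new Set(["a", "b", "i", "em", "strong", "p", "ul", "li", "br"]);
const ALLOWED_ATTRS = new Set(["href", "title"]);
const SAFE_URL = /^(?:https?:\/\/|mailto:)/i;           // only absolute URLs with these schemes
const DROP_WITH_CONTENT = new Set(["script", "style"]);

// One token per tag; quoted attribute values may contain ">".
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const ATTR = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Escape markup characters; an "&" that already starts an entity is left alone.
function escapeHtml(s) {
  return s.replace(/&(?!(?:#\d+|#x[0-9a-f]+|[a-z][a-z0-9]*);)/gi, "&amp;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

function sanitize(html) {
  let out = "", last = 0, dropUntil = null;
  for (const m of html.matchAll(TAG)) {
    const [whole, slash, rawName, rawAttrs] = m;
    const name = rawName.toLowerCase();
    if (!dropUntil) out += escapeHtml(html.slice(last, m.index)); // text token
    last = m.index + whole.length;
    if (dropUntil) {                         // inside <script>/<style>: discard everything
      if (slash && name === dropUntil) dropUntil = null;
      continue;
    }
    if (DROP_WITH_CONTENT.has(name)) { if (!slash) dropUntil = name; continue; }
    if (!ALLOWED_TAGS.has(name)) continue;   // unknown tag dropped, its text is kept
    if (slash) { out += `</${name}>`; continue; }
    let attrs = "";
    for (const [, key, dq, sq, bare] of rawAttrs.matchAll(ATTR)) {
      const k = key.toLowerCase(), v = dq ?? sq ?? bare;
      if (!ALLOWED_ATTRS.has(k)) continue;               // e.g. onclick, style
      if (k === "href" && !SAFE_URL.test(v)) continue;   // e.g. javascript: URLs
      attrs += ` ${k}="${escapeHtml(v)}"`;
    }
    out += `<${name}${attrs}>`;              // re-serialized from allowlisted parts only
  }
  return dropUntil ? out : out + escapeHtml(html.slice(last));
}

// Constructed sample inputs; the first is one of the links from the answer's example.
console.log(sanitize("<a href='http://google.com'>Google</a>"));
console.log(sanitize('<a href="javascript:alert(1)" onclick="x()">hi</a><script>alert(1)</script>'));
```

The output is never a filtered copy of the input: every tag and attribute in it is rebuilt from allowlisted names and escaped values, which is why markup outside the allowlist cannot survive.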