123 questions
1 vote, 1 answer, 231 views
Angular Input Signals and sanitized values
I thought that I can use a URL as input Signal in my preview.component like
hrefLink = input.required<SafeValue>();
and in the .html use it like
<img [src]="hrefLink"/>
I have ...
0 votes, 0 answers, 146 views
Infinite ngx-slick-carousel with mat-icons - svg content disappear
I'm creating a carousel with help of the ngx-slick-carousel. Each of the slides contains a Material Card and within each card there are Material icons. When the carousel is not infinite, everything ...
1 vote, 1 answer, 139 views
Sanitize script src url value angular provides incorrect url value
I need to sanitize the external url value to dynamically load script and remove script for specific component alone.
Used the following approach
private getUrl(): SafeResourceUrl {
// declared value in ...
1 vote, 1 answer, 441 views
How to show special characters in title attribute on HTML using Angular?
Using Angular in html I need to add title attribute on <a> tag, the value of the title will have text and special characters. The attribute should render tooltip on the anchor, but it is not ...
1 vote, 1 answer, 319 views
When to sanitize while using Angular Renderer2
When I create a text node inside Angular with a sanitized string I unexpectedly got html entities in the output. I commonly sanitize all my input before using it inside the Renderer2.
const text = '€£'...
2 votes, 0 answers, 78 views
Render vanilla JS <script> from API Response NOT working in the Angular 16
Let's consider that I am getting a response (as below) from api
Response
{
embedEmail: "\n<div style='text-align:left'>\n <input \n type=\"email\" \n id=\"...
1 vote, 0 answers, 148 views
DomSanitizer in Angular
I am a bit confused about DomSanitizer of Angular.
As far as I read it should strip away all the html tags from the input.
But please check the stackblitz attached, it doesn't remove all the tags.
Am I ...
0 votes, 1 answer, 1k views
Add sanitization to url and alt for angular
I need help on how to add sanitization to the url and alt text of this code. What is the best way to do this as this is something I'm not very familiar with. I tried researching but not able to find a ...
0 votes, 1 answer, 456 views
Can't Display the image after sanitizing it
I am trying to make an image file display on the Html of ionic(angular) component.
The image file is fetched from the device itself and converted to file format for processing.
I am using ionic(...
1 vote, 1 answer, 597 views
Angular DomSanitizer replacing new line characters on textarea fields
Is Angular's DomSanitizer just a glorified text-replacer? If it is, I'd like to know if it's feasible to implement my own sanitizer, because the Angular one is replacing special characters like "&...
2 votes, 0 answers, 310 views
Angular DomSanitizer.bypassSecurityTrustHtml not executing script tag inside html content
I tried to use DomSanitizer.bypassSecurityTrustHtml, the html content looks as below:
<div>
<div id="test-div">
It is a test div element.
</div>
<script>
...
1 vote, 2 answers, 7k views
Sanitizing a dynamic URL with Angular's DomSanitizer without the bypassSecurityTrustUrl
Using Angular 13, I have a dynamic URL that loads into an iframe's SRC attribute. I need to sanitize this url (of course) beforehand. I tried the following (pseudo code):
DomSanitizer.sanitize(...
0 votes, 1 answer, 2k views
How to use a DomSanitizer inside a unit test, if the component does not inject it?
I have a simple component, which does not inject the DomSanitizer. Let's say it is
export class ExampleComponent {
@Input()
public safeHtml: SafeHtml | undefined;
}
How can I use the ...
0 votes, 0 answers, 171 views
Angular - Read HTML and Style from text and render it
Let's say I have a string:
data =
"<style>
p {
margin-bottom: 0;
}
ul{
margin-top: 0;
}
.indent-1{
margin-left: 20px;
}
.indent-2{
margin-left: 40px;
}</style>
<ul>
<li ...
0 votes, 1 answer, 3k views
How do I resolve sanitizing unsafe URL value with blob value?
I'm having this sanitize URL error in Angular, I've seen many solutions, but I've not been able to use them in my scenario, that's why I'm asking the question.
Here is my function:
@Input()
...
0 votes, 0 answers, 231 views
How to prevent jasmine test from failing due to "WARNING: sanitizing HTML stripped some content, see https://g.co/ng/security#xss thrown"
I'm writing unit tests for a component that uses [innerHTML] to display content from backend. In the browser when the component is loaded, this warning
"WARNING: sanitizing HTML stripped some ...
4 votes, 2 answers, 6k views
Angular sanitizing url to be used in an iframe's src [duplicate]
I'm trying to construct an url to pass it inside the src attributes of an iframe. But I always get the exception unsafe value used in a resource URL context and I'm struggling to understand how to ...
0 votes, 0 answers, 706 views
When and how should I use DomSanitizer.bypassSecurityTrustScript
I've already spent 4h+ searching the web for this, so I decided to ask the community...
What is the exact use case for angular's DomSanitizer.bypassSecurityTrustScript method?
I know, that this
...
0 votes, 2 answers, 2k views
Angular link to localhost url
I am making an angular project and one of my links must redirect to another website. In my dev environment this is a localhost url such as localhost:4210.
Because this is an unsafe operation to angular ...
1 vote, 1 answer, 4k views
Unexpected behavior when sanitizing unsafe URLs?
I need to sanitize an unsafe URL on my site. Trying to use the DomSanitizer's sanitize method, but am getting unexpected results. The docs seem clear that some kind of sanitization should be taking ...
1 vote, 0 answers, 503 views
Is there a way to upload a local audio file in Angular without bypass security?
I am trying to upload an audio file in Angular. The purpose is to be able to reproduce it and do some little work on it such as play, stop, get timestamp of pause marker etc... I can upload through the ...
0 votes, 2 answers, 343 views
angular dynamic document height from top to bottom
How to calculate each and every page height from top to bottom in angular ?
This syntax work in JavaScript but give error in angular
console.log( (document.height !== undefined) ? document.height : ...
0 votes, 1 answer, 3k views
Sanitizing base64 image gives changingThisBreaksApplicationSecurity
I'm trying to render an image which I have converted to base64
data:image/vnd.microsoft.icon;base64,AAABAAIAICAAA.....
Now, whatever I do, I always get
{
changingThisBreaksApplicationSecurity: '...
0 votes, 1 answer, 410 views
I am getting warning Cross-site Scripting (XSS) with innerHTML
I have a code where I need to send HTML with inner Html but my code is not passing the security testing, it is showing a Cross-site Scripting (XSS) warning.
How to use innerHtml without Cross-site ...
0 votes, 2 answers, 2k views
How to sanitize html in angular for avoiding XSS vulnerabilities
Getting XSS vulnerabilities while accessing API call and accessing in HTML page. Tried with DOM sanitizer with url and Sanitized html as well, still getting XSS Cross site scripting issues. Tried with ...
1 vote, 1 answer, 3k views
How to use DOMSANITIZER(bypassSecurityTrustUrl) while calling the API
Getting XSS vulnerabilities while calling the API for fetching the data. So trying to add DOMSANITIZER, but it's failing. Tried below code, please suggest me the solution.
this.http.get(this....
2 votes, 1 answer, 1k views
Angular 12 issue with DomSanitizer for src attribute in Iframe. always throw error for dynamically set source
I wanted to create a component that handles all YouTube embedded video. However passing the src as a variable will not work at all. No matter what I do. Anyone has an idea what's the problem or is it a ...
0 votes, 1 answer, 3k views
Different output from DomSanitizer bypassSecurityTrustHtml on null value angular 12
I've just updated an application I'm working on from angular 11 to 12.
(also updated TypeScript from 4.0.5 to 4.3.5).
We noticed a difference in the application, when before I had an empty value I now ...
0 votes, 2 answers, 2k views
angular dom sanitizer and svg byte array
I am trying to bind a byte array to an image tag in angular.
I know the byte array is correct, because I can download it and view it from my API.
I created an image like this:
<img [src]="src&...
0 votes, 1 answer, 1k views
Angular execute html type response from api call in dom?
I have a node api(localhost:5000/ ) which returns html type response.
When I run localhost:5000/ in browser it executes the scripts from returned response from my api. Below is my app.js file.
const ...
0 votes, 1 answer, 819 views
Angular 7 How To Access Domsanitizer Object inside a static function
I am trying to resolve the checkmarx issue which says application embeds untrusted data in the generated output.This untrusted data is embedded straight into the output without proper sanitization or ...
0 votes, 1 answer, 2k views
How to display a html document with external stylesheet in iframe? Angular Html CSS
My application front end uses Angular.
I am trying to display an html document (in my case a preview of a document generated using user input data). I can successfully display the Html and inline CSS ...
0 votes, 1 answer, 2k views
How to remove localhost:4200 url appending in [href] attribute in <a> tag in angular
Below is the HTML:
<a [href]= "message.messagelinkHere ? sanitize(message.messagelinkHere) : message.messagelink"
in ts file
import { DomSanitizer } from '@angular/platform-browser';
...
1 vote, 0 answers, 568 views
how to sanitize mixed html content & preview using innerHTML property in angular
I am working on an angular application, where I am receiving HTML content from API which is created by CKEditor. content includes iframe & other HTML data. I have tried to sanitize the content ...
0 votes, 1 answer, 343 views
Unsafe value used in a Resource context (iframe) [duplicate]
I'm trying to test my component in which I use a presigned URL to render a PDF file from S3 and then I use a bypassSecurityTrustResourceUrl, and this works well, but just when I'm trying to test this ...
0 votes, 2 answers, 4k views
WARNING: sanitizing unsafe URL value data:text/html;base64,
I am getting a response from the server in the form of image, which I am accepting as a blob and converting it to image
template:
<img [src]="imgSrc" alt="Loading....">
ts ...
1 vote, 0 answers, 289 views
How to add multiline to data attribute in angular
I'm using Quill Editor inside an angular project and I need multiline placeholders. Since Quill renders the placeholders via ::before I thought it should be straight forward to implement this, as ...
0 votes, 1 answer, 3k views
Use of bypassSecurityTrustResourceUrl is giving SafeValue must use [property] in result
I am trying to parse images using bypassSecurityTrustResourceUrl but in output I am getting
SafeValue must use [property]=binding: data:image/jpeg;base64,(actual data) (see http://g.co/ng/security#xss)...
-1 votes, 1 answer, 828 views
Error:Property 'bypassSecurityTrustUrl' does not exist on type 'typeof CommonFunctions', when using it in a function?
I want to build a common class for the frequently used statements in function.
And I am getting an error if I use this keyword within a function.
import {Component} from '@angular/core';
import { ...
2 votes, 1 answer, 318 views
Apply Angular Pipe to Angular Recursive List template
I have a recursive Angular template using Pipe for deeply nested array of objects where I have data and children. My problem is it only that when using search function I'm using pipe that highlights ...
5 votes, 1 answer, 3k views
bypassSecurityTrustHtml disables anchor tag while displaying html using [innerHtml]
I am using Angular 10. I have a scenario to get html string (value returned by rich text editor) and display it in my Application (using innerHtml). I'll be getting all kinds of styles, like ...
0 votes, 1 answer, 1k views
Style is not applied after sanitization and [innerHTML]
I have a mat-table:
<ng-container matColumnDef="quantity">
<th mat-header-cell *matHeaderCellDef> Operation </th>
<td mat-cell *matCellDef="...
0 votes, 0 answers, 1k views
Angular Domsanitizer doesn't accept url and throws error
I am attempting to sanitize a url to use as the data attribute for an object tag to display an svg.
my.page.html
<object [id]="'chr'+index" [data]="SVGToView[0] | safe" type=&...
0 votes, 1 answer, 4k views
Angular bypassSecurityTrustResourceUrl not working as expected
I'm having a problem where DomSanitizer.bypassSecurityTrustResourceUrl is not working as expected.
I have created the following pipe as found in many sources online:
import { DomSanitizer, ...
0 votes, 0 answers, 43 views
Angular 9 domSanitizer Not allowed to load resource [duplicate]
I have application in Angular 9 and use DomSanitizer to build img url.
I get error:
Not allowed to load local resource: file:///C:/MyApp/Images/uploads/fbf8152f-ccea-45a2-b9a9-150cd4c421a5/mmm_3424....
0 votes, 1 answer, 2k views
Cannot display images in [innerHTML]
I have HTML data stored in a field in my Firebase database, some of which contains <img src='[myImageUrl]'>. When displaying the field in my HTML file, the image has been blocked and I get the ...
0 votes, 2 answers, 906 views
Angular 9 template interpolation removing backslashes
I need to render a string on the page with double backslash "\\" but Angular removes one from the template, treating it like a regular expression.
An example of the issue is here:
https://...
1 vote, 1 answer, 709 views
Why is my custom pipe designed to bypass Angular 8 security using [Innerhtml] not working? Error message 'undefined'
I am creating a dynamic angular web app and when reading information from my database, whilst I have accommodated html by replacing all occurrences of \n to <br />, angular 8 will just render ...
0 votes, 2 answers, 1k views
DomSanitizer being applied to URL redirects it to localhost?
When I pass a remote url through DomSanitizer, http://localhost:4200 is being prefixed to the url and I get a 404 as a consequence.
GET http://localhost:4200/.cs.uic.edu/~i101/SoundFiles/Fanfare60....
3 votes, 2 answers, 4k views
Angular 9 new unit test error: "unsafe value used in a resource URL context"
Since upgrading my Angular application from version 8 to version 9 I've got a new error appearing when I run my Jest unit test:
unsafe value used in a resource URL context (see http://g.co/ng/...