Question

In my app the users can provide a description for their profiles. Problem is that I don't restrict them from giving angular-like expressions like {{ some expression }}. That way my app is XSS vulnerable. Is it possible to make angular leave the contents of an element as is and not evaluate them even if they have angular expressions?


Solution

Not sure if it fits your use case, but there is the ngNonBindable directive:

<div ng-non-bindable>This is a {{profile}}</div>

Will simply show:

This is a {{profile}}
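To make the difference concrete, here is an added example page (not code from the question or the answer above). It assumes an AngularJS 1.x app in which the server has already pasted the user's profile description into the template HTML, which is exactly what lets any braces in the description reach Angular's compiler; the description text and the `profileApp` / `ProfileCtrl` names are constructed for this example. Besides the `ng-non-bindable` wrapper from the answer, it goes one step further and shows the pattern that avoids the problem altogether: keeping the description as data bound with `ng-bind`, since interpolation runs once over the template and is never re-run over a bound value.

```html
<!-- Added example, not part of the original answer. Assumes AngularJS 1.x
     loaded from the public CDN; the app name, controller name and the
     description string are constructed for illustration. -->
<!DOCTYPE html>
<html ng-app="profileApp">
<head>
  <meta charset="utf-8">
  <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.8.2/angular.min.js"></script>
  <script>
    angular.module('profileApp', []).controller('ProfileCtrl', function ($scope) {
      // Constructed sample of what a user might type into the description field.
      // It deliberately contains an Angular expression.
      $scope.description = 'Hi! {{ 1 + 1 }} is my lucky number';
    });
  </script>
</head>
<body ng-controller="ProfileCtrl">

  <!-- 1. The problem from the question: the server inlined the raw description
       into the page (represented here by the literal text), so Angular treats
       it as template source and evaluates the braces.
       Renders: "Hi! 2 is my lucky number" -->
  <div>Hi! {{ 1 + 1 }} is my lucky number</div>

  <!-- 2. The answer's fix: ng-non-bindable tells the compiler to skip this
       subtree, so the braces are left untouched.
       Renders: "Hi! {{ 1 + 1 }} is my lucky number" -->
  <div ng-non-bindable>Hi! {{ 1 + 1 }} is my lucky number</div>

  <!-- 3. The pattern that avoids the issue entirely: the description never
       becomes part of the template source; it is bound as data. ng-bind sets
       the text content, and bound values are not interpolated again.
       Renders: "Hi! {{ 1 + 1 }} is my lucky number" -->
  <div ng-bind="description"></div>

</body>
</html>
```

Open the file in a browser to compare the three lines. Case 1 is the one to look for in a review: anywhere a server-side template (PHP, Razor, Jinja, etc.) writes user-controlled text into HTML that Angular will later compile, braces in that text become expressions. `ng-non-bindable` is the right tool when that inlining cannot be avoided; moving the text into scope data, as in case 3, removes the problem class rather than patching one element.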
Licensed under: CC-BY-SA with attribution