Improve this Doc View Source $sanitize
- service in module ngSanitize
The input is sanitized by parsing the HTML into tokens. All safe tokens (from a whitelist) are then serialized back to properly escaped html string. This means that no unsafe input can make it into the returned string, however, since our parser is more strict than a typical browser parser, it's possible that some obscure input, which would be recognized as valid HTML by a browser, won't make it through the sanitizer. The input may also contain SVG markup. The whitelist is configured using the functions aHrefSanitizationWhitelist
and imgSrcSanitizationWhitelist
of $compileProvider
.
Usage
$sanitize(html);
Arguments
Param | Type | Details |
---|---|---|
html | string | HTML input. |
Returns
string |
Sanitized HTML. |
© 2010–2017 Google, Inc.
Licensed under the Creative Commons Attribution License 4.0.
https://code.angularjs.org/1.4.14/docs/api/ngSanitize/service/$sanitize