Improve this Doc View Source ngBindHtml

  1. directive in module ng

Overview

Evaluates the expression and inserts the resulting HTML into the element in a secure way. By default, the resulting HTML content will be sanitized using the $sanitize service. To utilize this functionality, ensure that $sanitize is available, for example, by including ngSanitize in your module's dependencies (not in core AngularJS). In order to use ngSanitize in your module's dependencies, you need to include "angular-sanitize.js" in your application.

You may also bypass sanitization for values you know are safe. To do so, bind to an explicitly trusted value via $sce.trustAsHtml. See the example under Strict Contextual Escaping (SCE).

Note: If a $sanitize service is unavailable and the bound value isn't explicitly trusted, you will have an exception (instead of an exploit.)

Directive Info

  • This directive executes at priority level 0.

Usage

  • as element:
    <ng-bind-html
      ng-bind-html="expression">
    ...
    </ng-bind-html>
  • as attribute:
    <ANY
      ng-bind-html="expression">
    ...
    </ANY>

Arguments

Param Type Details
ngBindHtml expression

Expression to evaluate.

Example

© 2010–2018 Google, Inc.
Licensed under the Creative Commons Attribution License 4.0.
https://code.angularjs.org/1.7.8/docs/api/ng/directive/ngBindHtml