How to undo bypassSecurityTrustHtml, i.e convert SafeValue back to string

About

Asked 26/10, 2017 at 16:18 Answered 14/2, 2018 at 17:16

I am generating html, and inserting it into my web page using

let data = '<font color=blue>hello world</font>';
this.safevalue = this.domSanitizer.bypassSecurityTrustHtml(data);

Elsewhere in my code I want to convert the safe value back into a string, so I tried this...

data = this.safevalue.toString();

but this sets data to a string like this...

'SafeValue must use [property]=binding: (see http://g.co/ng/security#xss)'

which is not helpful

Subway answered 26/10, 2017 at 16:18 Comment(2)

What do you get with console.log(this.safevalue)? – Jaine 26/10, 2017 at 20:27

@GünterZöchbauer I get the same thing as toString. – Subway 11/11, 2017 at 4:46

I don't know if you already found a fix for this, but, if you just want the original value, marked as safe:

var yourString = this.domSanitizer.sanitize(SecurityContext.HTML, data)

Libratory answered 14/2, 2018 at 17:16 Comment(2)

Does this work? If the data is "Hello world" then will the value of yourString.toString() be also "Hello world"? – Subway 20/2, 2018 at 3:57

Yes, it does. That's how I am doing in my application here. Give it a try and let me know if you need any help! You just have to use yourString (no need for .toString(), it is a slready a string) – Libratory 21/2, 2018 at 9:0

I've dug through the source code and it appears that it is not possible to get the original string from a SafeValue. So I guess I'll have to keep parallel data array for all the unsafe values.

Subway answered 26/10, 2017 at 16:43 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags