Angularjs: preview sanitized html

Please find the plnkr

I want to display some html preview. The html is already sanitized at the server (for eg: "<b>HELLO</b>"). How can I display the html form. In the example, I want to display myHtml2 as displayed for myHtml (first preview).

html
 <div ng-controller="myController">
      <div ng-bind-html="myHtml"></div>
      <div ng-bind-html="myHtml2"></div>
      <div >{{myHtml2}}</div>
    </div>
js
myApp.controller('myController', ['$scope', '$sce', function myController($scope, $sce){
  $scope.myHtml = "<b>HELLO</b>";
  $scope.myHtml2 = "&lt;b&gt;HELLO&lt;/b&gt;";      
}]);
out
HELLO
<b>HELLO</b>
&lt;b&gt;HELLO&lt;/b&gt;

Answers


You just need to use $sce.trustAsHtml and unsanitize HTML on your client: http://plnkr.co/edit/h2loxWsPJOELhNvkfHmK?p=preview

// From: https://stackoverflow.com/questions/1912501/unescape-html-entities-in-javascript
function htmlDecode(input){
  var e = document.createElement('div');
  e.innerHTML = input;
  return e.childNodes.length === 0 ? "" : e.childNodes[0].nodeValue;
}

myApp.controller('myController', ['$scope', '$sce', function myController($scope, $sce){
  $scope.myHtml = "<b>HELLO</b>";
  $scope.myHtml2 = $sce.trustAsHtml(htmlDecode("&lt;b&gt;HELLO&lt;/b&gt;"));

}]);

htmlDecode from: Unescape HTML entities in Javascript?

However, I would not recommend taking this approach. It feels very hackish and I suspect could lead to vulnerabilities on your site.


Need Your Help

Disabling Eclipse code formatting for part of a javadoc

eclipse code-generation javadoc weka eclipse-jdt

I have a Java class for which part of the javadoc is actually generated as part of the build process: the return value of a method (a static String value) is inserted into the source file, much like $

Choose value for $_FILES[<filename>]["tmp_name"]

php

Is there a way to client-side choose the value for $_FILES[&lt;filename&gt;]["tmp_name"] instead of having it be randomly generated? For example, is there some type of attribute I can somehow appe...