When and how should I use DomSanitizer.bypassSecurityTrustScript


I've already spent 4h+ searching the web for this, so I decided to ask the community...

What is the exact use case for Angular's DomSanitizer.bypassSecurityTrustScript method?

I know that this

  • comes with security risks
  • is not the best way to insert code into Angular apps
  • is not the only way to inject script tags
  • etc.

I don't want to use it for a real implementation. I'm just providing an Angular Pipe to my users and I want to explain to them when and how to use each security context (e.g. [innerHtml]="someVar | trust: 'html'").

I could find good examples for all except for the bypassSecurityTrustScript method.

So, can anyone explain to me WHEN and HOW to use DomSanitizer.bypassSecurityTrustScript?

$ ng --version

Angular CLI: 12.2.17
Node: 14.17.6
Package Manager: npm 6.14.15
OS: win32 x64

Angular: 12.2.16
... animations, common, compiler, compiler-cli, core, elements
... forms, language-service, platform-browser
... platform-browser-dynamic, router

Package                            Version
------------------------------------------------------------
@angular-devkit/architect          0.1202.17
@angular-devkit/build-angular      12.2.17
@angular-devkit/core               12.2.17
@angular-devkit/schematics         12.2.17
@angular/cdk                       12.2.13
@angular/cli                       12.2.17
@angular/flex-layout               12.0.0-beta.35
@angular/material                  12.2.13
@angular/material-moment-adapter   12.2.13
@schematics/angular                12.2.17
ng-packagr                         12.2.7
rxjs                               6.6.7
typescript                         4.3.5

Cheers, Markus ;)

0

There are 0 answers