如果这两个值是分开存储的,可以用一种简单粗暴(quick and dirty)的方式对 USERCOMPANY 中的值进行转义:
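// Minimal HTML-entity escaping for a value that will be concatenated into markup.
// "&" is replaced first so that the entities produced by the later replacements
// are not escaped a second time. Strings are immutable: the escaped text is the
// value of this expression and has to be assigned before it is used.
USERCOMPANYstring
  .replace(/&/g, "&amp;")
  .replace(/</g, "&lt;")
  .replace(/>/g, "&gt;")
  .replace(/"/g, "&quot;")
  .replace(/'/g, "&#039;");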
使用 safe 管道:
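<!-- The type argument must be the quoted literal 'html'; an unquoted html is
     evaluated as a component property and reaches the pipe as undefined.
     The safe pipe turns off Angular's sanitization for this binding, so
     yourVariable must already be trusted or escaped. -->
<p [innerHTML]="yourVariable | safe: 'html'"></p>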
safe 管道的实现(注意:该管道调用的 bypassSecurityTrust* 方法会跳过 Angular 内置的清理,只应用于完全可信或已经转义的内容):
import { Pipe, PipeTransform } from "@angular/core";
import {
DomSanitizer,
SafeHtml,
SafeStyle,
SafeScript,
SafeUrl,
SafeResourceUrl
} from "@angular/platform-browser";
/**
 * Pipe registered under the name `safe` that marks a value as trusted for one
 * of Angular's security contexts, selected by the `type` argument.
 *
 * Security note: every branch calls a `DomSanitizer.bypassSecurityTrust*`
 * method, which disables Angular's built-in sanitization for the returned
 * value. The pipe performs no validation or escaping of its own, so it should
 * only receive values the application fully controls or has already escaped;
 * routing user-supplied content through it reintroduces XSS risk.
 */
@Pipe({ name: "safe" })
export class SafePipe implements PipeTransform {
  constructor(protected sanitizer: DomSanitizer) {}

  /**
   * Wraps `value` in the trusted marker type that matches `type`.
   *
   * @param value Content to mark as trusted; passed to the sanitizer unchanged.
   * @param type One of "html", "style", "script", "url" or "resourceUrl".
   * @returns The trusted wrapper produced by the matching bypass method.
   * @throws Error when `type` is not one of the supported names.
   */
  public transform(
    value: any,
    type: string
  ): SafeHtml | SafeStyle | SafeScript | SafeUrl | SafeResourceUrl {
    const trust = this.sanitizer;

    if (type === "html") {
      return trust.bypassSecurityTrustHtml(value);
    }
    if (type === "style") {
      return trust.bypassSecurityTrustStyle(value);
    }
    if (type === "script") {
      return trust.bypassSecurityTrustScript(value);
    }
    if (type === "url") {
      return trust.bypassSecurityTrustUrl(value);
    }
    if (type === "resourceUrl") {
      return trust.bypassSecurityTrustResourceUrl(value);
    }

    // Anything else is a template mistake (for example an unquoted argument),
    // so fail loudly instead of returning the value untouched.
    throw new Error(`Invalid safe type specified: ${type}`);
  }
}