UNPKG

trust-html

Version:

Pipe for angular2+ projects which allows you to inject non-escaped HTML content into your templates.

github.com/tvicpe/trust-html

tvicpe/trust-html

101 lines (81 loc) 2.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
trust-html ===== 1. [Description](#description) 2. [Installation](#installation) 3. [Usage](#usage) 4. [Methods](#methods) 5. [Git repository](#git) 6. [Build](#build) 7. [Publish to npm](#publish) 8. [Version](#version) ### <a name="description"></a>1. Description `TrustHtmlModule` is a module for angular2+ projects which allows you to inject the HTML content into your templates. ### <a name="installation"></a>2. Installation Install the module into your application and save it as a dev dependency in your `package.json` file ``` npm install trust-html --save-dev ``` ### <a name="usage"></a>3. Usage In order to use the `TrustHtmlPipe` you have to include/import the `TrustHtmlModule` into your application: ```typescript import {TrustHtmlModule} from 'trust-html'; @NgModule({ //... imports: [ //... TrustHtmlModule ], //... }) ``` Or you can include the pipe directly in your components declarations list in your `@NgModule(...)`: ```typescript import {TrustHtmlPipe} from "trust-html"; @NgModule({ //... declarations: [TrustHtmlPipe], //... }) ``` Use it in your template to "inject" trusted HTML content: ```angular2html <div [innerHTML]="'<strong>test html content</strong>' | trustHtml"></div> ``` Output: ```html <div> <strong>test html content</strong> </div> ``` ### <a name="methods"></a>4. Methods #### transform(htmlString: string): any Bypass security and trust the given value to be safe HTML. The sanitizer will leave safe HTML intact. **WARNING:** in Angular version 2.x, calling this method with untrusted user data exposes your application to XSS security risks! *Parameters:* **htmlString** - HTML string which should not be escaped. *Return:* Method returns the intact HTML string. ### <a name="git"></a>5. Git repository [https://github.com/tvicpe/trust-html](https://github.com/tvicpe/trust-html) ### <a name="build"></a>6. Build To build the final package run this command: ``` ng build trust-html ``` The build process will generate the packed sources into the `dist` folder. ### <a name="publish"></a>7. Publish to npm To publish the new version to `npm`, go into the `dist` folder: ``` cd ./dist/trust-html ``` and publish it to npm: ``` npm publish ``` ### <a name="version"></a>8. Version 1.0.0