我遇到了试图消毒
的坏事错误 <style> <!--n--> </style>
给出了不良解析误差angularjs。我在模块中使用ngsanitize进行消毒。我能够很好地解析大多数HTML内容,但这会失败。
这个字符串失败的特殊原因是吗?
tia
angular.module('app', ['ngSanitize'])
.controller('ctrl', ['$scope', '$sce', function($scope, $sce) {
$scope.style = $sce.trustAsHtml(
`<script>
alert("Some bad");
</script>
<style>
.green{
background-color:green
}
</style>`);
}])
<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.16/angular.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.16/angular-sanitize.min.js"></script>
<div ng-app='app' ng-controller="ctrl">
<div ng-bind-html='style'></div>
<div class='green'>Green</div>
</div>