https://jsfiddle.net/BRNTZN/05c1agtb/18/
.HTML:
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.5.6/angular.min.js"></script>
<script src="myapp.js"></script>
</head>
<body ng-app="myapp">
<div ng-controller="mainctrl">
{{query}}
<iframe ng-src="https://www.google.be/search?q={{query}}"></iframe>
</div>
</body>
</html>
.JS:
var app = angular.module('myapp', []);
app.config(function($sceDelegateProvider) {
$sceDelegateProvider.resourceUrlWhitelist([
'self',
'https://www.google.be/**'
]);
});
app.controller('mainctrl', function MainController($scope) {
$scope.query = "javascript";
});
在小提琴之外执行上述操作时,我在控制台中收到以下js错误:
Error: [$interpolate:noconcat] http://errors.angularjs.org/1.5.6/$interpolate/noconcat?p0=https%3A%2F%2Fwww.google.be%2Fsearch%3Fq%3D%7B%7Bquery%7D%7D
at angular.js:38
at Function.Ka.throwNoconcat (angular.js:11887)
at k (angular.js:12193)
at ha (angular.js:9606)
at $b (angular.js:8553)
at s (angular.js:8378)
at s (angular.js:8394)
at s (angular.js:8394)
at aa (angular.js:8281)
at angular.js:1782
其中链接指向以下解释:
Error while interpolating: https://www.google.be/search?q={{query}}
Strict Contextual Escaping disallows interpolations that concatenate multiple expressions when a trusted value is required. See http://docs.angularjs.org/api/ng.$sce
这很奇怪,因为我正在将"https://www.google.be/**"列入白名单,正如我的小提琴所证明的那样。
为什么白名单没有任何效果?
我不认为ng-src适用于$sce。 在小提琴中将ng-src更改为ng-bind-html有效。
<iframe ng-bind-html="https://www.google.be/search?q={{query}}"></iframe>
https://jsfiddle.net/05c1agtb/19/