Inject input in innerHTML angular 2
You should trust the HTML
first before injecting it. You have to use the DomSanitizer
for such a thing. An <h3>
element is considered safe. An <input>
element is not.
Change your FaxSendComponent
to something like this:
export class FaxSendComponent {
private _inputpdf: string = '<input type="text" name="fname">';
public get inputpdf() : SafeHtml {
return this._sanitizer.bypassSecurityTrustHtml(this._inputpdf);
}
constructor(private _sanitizer: DomSanitizer){}
}
And have your template stay the same as this:
<div [innerHTML]="inputpdf"></div>
A little heads-up though:
WARNING: calling this method with untrusted user data exposes your application to XSS security risks!
If you plan on using this technique more, you can try to write a Pipe
to fulfil this task.
@Pipe({
name: 'sanitizeHtml'
})
export class SanitizeHtml implements PipeTransform {
constructor(private _sanitizer: DomSanitizer){}
transform(v: string) : SafeHtml {
return this._sanitizer.bypassSecurityTrustHtml(v);
}
}
If you have a pipe like this, your FaxSendComponent
will change to this:
@Component({
selector: 'fax-send',
template: `<div [innerHTML]="inputpdf | sanitizeHtml"></div>`
})
export class FaxSendComponent {
public inputpdf: string = '<input type="text" name="fname">';
}
Using Angular 2+ [innerHTML] to add html including style attributes
You're nearly there.
You just need to make sure that you are using your pipe for your HTML string.
Example pipe:
import {Pipe} from '@angular/core';
import {DomSanitizer, SafeHtml, SafeStyle, SafeScript, SafeUrl, SafeResourceUrl} from '@angular/platform-browser';
@Pipe({
name: 'safe'
})
export class SafePipe {
constructor(protected sanitizer: DomSanitizer) {}
transform(htmlString: string): any {
return this.sanitizer.bypassSecurityTrustHtml(htmlString);
}
}
Example usage:
<span [innerHTML]="someVar | safe"></span>
Hope this helps!
Angular 2 innerHTML (click) binding
That's by design. Angular doesn't process HTML added by [innerHTML]="..."
(except sanitization) in any way. It just passes it to the browser and that's it.
If you want to add HTML dynamically that contains bindings you need to wrap it in a Angular2 component, then you can add it using for example ViewContainerRef.createComponent()
For a full example see Angular 2 dynamic tabs with user-click chosen components
A less Angulary way would be to inject ElementRef
, accessing the added HTML using
elementRef.nativeElement.querySelector('a').addEventListener(...)
Angular HTML binding
The correct syntax is the following:
<div [innerHTML]="theHtmlString"></div>
Documentation Reference
How to get angular2 [innerHtml] to work
Angular uses {{property}}
for interpolation of values. That is the way that you would display plain text in your div
, like so
Solution 1:
<div class="blog-post">{{testhtml}}</div>
But that will write out text, not HTML.
For HTML, you will need to bind to the property
Solution 2:
<div class="blog-post" [innerHtml]="testhtml"></div>
Note I moved the [innerHtml]
to inside the div
tag.
Leaving out the square brackets would bind to the attribute, so you would need to interpolate again
Solution 3:
<div class="blog-post" innerHtml="{{testhtml}}"></div>
The property binding (Solution 2) is the preferred method.
Related Topics
Why Is My Background Color Not Showing If I Have Display: Inline
Using "Label For" on Radio Buttons
Onerror Event Using Background: Url()
How to Semantically Add Heading to a List
Svg Line Markers Not Updating When Line Moves in Ie10
Web Link to Specific Whatsapp Contact
How to Set A:Link Height/Width with CSS
How to Calc() The Number of Rows in a Grid Template
Why Does Border: 5Px Dashed Not Come Out as Dashed in Firefox
Flexbox Horizontal Menu Centering While Keeping Last Element to The Right Side
Can an HTML Email Body Reference a File Sent as an Attachment (In The Same Email)
Why Does HTML5 Recommend Putting The Code Element Inside Pre
Textarea to Fill a Parent Container Exactly, with Padding
Angular 2 - How to Hide Nav Bar in Some Components
Object-Fit Not Affecting Images