search

ReactiveX / rxjs-docs

The home for new work on the new RxJS docs (RxJS v 5 and up). New to this space? Say hi here: https://github.com/ReactiveX/rxjs-docs/issues/24. Want to find out what's up? We're chatting here. https://github.com/ReactiveX/rxjs-docs/issues/4
Apache License 2.0
160 stars 62 forks source link

How to deal with potentially unsafe HTML inside OperatorDocs? #151

Closed nicolaisueper closed 6 years ago

nicolaisueper commented 6 years ago

Hey there,

while working on #149, I was requested to put a link to another operator inside the OperatorDoc for combineLatest. My href attribute got sanitized and it resulted in <a>.startWith</a>.

I temporarily created a SafeHtmlPipe (analogous to the SafeUrlPipe), which bypasses the sanitizing.

I wanted to know if you all agree with my solution or maybe anyone else has an idea how to deal with issues like this.

Greets Nico

btroncone commented 6 years ago

Hmm, this shouldn't be the case. We are binding to[innerHTML] elsewhere without issue. I attempted to recreate this locally and did not receive an error. I will need to look more closely at your branch to see if there is something I missed.

See combineAll for another place we are binding to innerHTML with a link.

nicolaisueper commented 6 years ago

Try to check out my branch and remove the safeHtml pipe from the operator-extras.component.html

nicolaisueper commented 6 years ago

Now I'm confused. I removed it myself and it didn't complain. Closing this. 🤔