SamirHodzic / ngx-embed-video

Get embed code for embedding youtube/vimeo/dailymotion/* video in websites from URL or ID in Angular 6+.
MIT License

"WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss)." #1

Closed oztek22 closed 7 years ago

oztek22 commented 7 years ago

Getting this error while using it in Angular 4 with innerHTML.

SamirHodzic commented 7 years ago

Don't have time to play with it soon. That wasn't the case with Angular 2 as I remember, but you will probably need some kind of workaround for it. Feel free to make a pull request if you figure it out.

dkeulen commented 7 years ago

Don't know if you have encountered this before, but in ng2 it's necessary to sanitize URLs, raw HTML, etc. when injecting them into the DOM from a returned value.

This should be part of this component already if it isn't. Angular does not like you inserting DOM elements or URLs with JavaScript because it could be a potential attack.

Looking at the code I'd say Angular isn't happy when you return the complete iframe and try to inject it into the DOM. The iframe code should be sanitized.

Put the iframe it returns into a variable and return it like so (TypeScript):

```typescript
import { DomSanitizer } from '@angular/platform-browser';

// this.sanitizer is the injected DomSanitizer
return this.sanitizer.bypassSecurityTrustHtml(iframeVariable);
```

This should get rid of the security messages.

https://angular.io/api/platform-browser/DomSanitizer https://angular.io/guide/security

Hope this helps.
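The caveat a practitioner would want next to the reply above: bypassSecurityTrustHtml does not sanitize anything, it tells Angular to skip its sanitizer for that value, so whatever is passed to it must already be safe. For a component that builds an iframe from a caller-supplied URL or ID, that means validating the ID and fixing the embed host before the markup is marked trusted. The following is an added example in TypeScript, not code from ngx-embed-video or from anyone in this thread; the provider list, ID patterns, embed URLs, hostname allowlist and the HtmlTruster interface are assumptions made for illustration.

```typescript
// Added example, not ngx-embed-video's own code: build the iframe markup from a
// validated provider/ID pair, and only then hand it to bypassSecurityTrustHtml.
// Providers, ID shapes, embed URLs and hostnames below are assumptions.

type Provider = "youtube" | "vimeo" | "dailymotion";

// Strict ID alphabets (assumed shapes): an ID that passes these cannot carry
// quotes, angle brackets or whitespace, so it cannot break out of the src attribute.
const ID_PATTERNS: Record<Provider, RegExp> = {
  youtube: /^[A-Za-z0-9_-]{11}$/,
  vimeo: /^\d{1,12}$/,
  dailymotion: /^[a-z0-9]{6,8}$/i,
};

// Embed endpoints (assumed); the host is fixed here, never taken from input.
const EMBED_BASE: Record<Provider, string> = {
  youtube: "https://www.youtube.com/embed/",
  vimeo: "https://player.vimeo.com/video/",
  dailymotion: "https://www.dailymotion.com/embed/video/",
};

// The pattern to avoid: raw concatenation of caller input. Once
// bypassSecurityTrustHtml is put in front of it, an ID such as  x" onload="alert(1)
// reaches the DOM as an extra attribute, because nothing strips it any more.
function unsafeEmbedHtml(provider: Provider, id: string): string {
  return `<iframe src="${EMBED_BASE[provider]}${id}" frameborder="0" allowfullscreen></iframe>`;
}

// Hardened form: reject anything outside the provider's ID alphabet.
function embedHtml(provider: Provider, id: string): string {
  const pattern = ID_PATTERNS[provider];
  if (!pattern) throw new Error(`unsupported provider: ${provider}`);
  if (!pattern.test(id)) throw new Error(`invalid ${provider} video id`);
  return `<iframe src="${EMBED_BASE[provider]}${id}" frameborder="0" allowfullscreen></iframe>`;
}

// Pull a provider/ID pair out of a full URL. The hostname is compared against an
// allowlist (assumed list), so "https://evil.example/watch?v=..." is rejected.
function parseVideoUrl(url: string): { provider: Provider; id: string } {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  let provider: Provider;
  let id: string | null = null;
  if (host === "youtu.be") {
    provider = "youtube";
    id = u.pathname.slice(1);
  } else if (host === "www.youtube.com" || host === "youtube.com" || host === "m.youtube.com") {
    provider = "youtube";
    id = u.searchParams.get("v") ?? u.pathname.match(/^\/embed\/([^/]+)$/)?.[1] ?? null;
  } else if (host === "vimeo.com" || host === "player.vimeo.com") {
    provider = "vimeo";
    id = u.pathname.match(/^\/(?:video\/)?(\d+)$/)?.[1] ?? null;
  } else {
    throw new Error(`host not allowed: ${host}`);
  }
  if (id === null || !ID_PATTERNS[provider].test(id)) {
    throw new Error(`invalid ${provider} video id`);
  }
  return { provider, id };
}

// Minimal shape of Angular's DomSanitizer that this helper needs (assumed
// interface); in an Angular app the real one is injected from '@angular/platform-browser'.
interface HtmlTruster {
  bypassSecurityTrustHtml(html: string): unknown;
}

// Only markup built by embedHtml (validated ID, fixed host) is marked trusted,
// which is what makes skipping Angular's sanitizer acceptable.
function trustedEmbed(sanitizer: HtmlTruster, urlOrId: string, provider?: Provider): unknown {
  const target = provider ? { provider, id: urlOrId } : parseVideoUrl(urlOrId);
  return sanitizer.bypassSecurityTrustHtml(embedHtml(target.provider, target.id));
}
```

The design choice worth noting: the allowlist is on the ID alphabet and on the hostname, not on a denylist of dangerous characters, and the embed host is a constant the caller cannot influence. With those two checks in place, marking the result trusted is a statement about markup the component itself produced, not about the caller's input.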

SamirHodzic commented 7 years ago

@dkeulen if you have time to improve it and test if it gets rid of security messages, feel free to make a pull request.

SamirHodzic commented 7 years ago

Closing, 0b4bbad7c39e81d0b2f5a8618bcad7964b46e3d0.