cure53 / DOMPurify

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
https://cure53.de/purify

When using bypassSecurityTrustHtml method to render template #946

Closed Mani9398 closed 2 months ago

Mani9398 commented 2 months ago

When using the bypassSecurityTrustHtml method to render the template safely, it renders properly, but after some time it gives this: SafeValue must use [property]=binding: (see https://g.co/ng/security#xss)

This is the div element:

```html
<div class="message-content phenom-heap-redact-text"
     [innerHTML]="conversation?.content?.text || conversation?.content?.previewText"></div>
```

Here we are sanitizing before passing to it:

```typescript
this.conversationList.forEach((conversation, index) => {
  if (conversation.channel === 'email' && conversation?.content?.text) {
    // Push the content.text to the emailConversations array
    const text = conversation?.content?.text;
    const htmlContent = this.sanitizer.bypassSecurityTrustHtml(text);
    // content.text now holds the SafeHtml wrapper instead of the original string
    conversation.content.text = htmlContent;
  }
});
```

Can you provide a suggestion for this?

cure53 commented 2 months ago

Unclear what the problem is, please be more precise, else we have to close the ticket as unactionable.

Mani9398 commented 2 months ago

`const htmlContent = this.sanitizer.bypassSecurityTrustHtml(text);` I am using this method to render HTML content. It renders safely the first time. After some time, nearly 1 minute, I am getting the below 2 lines on the rendered element, above and below.

SafeValue must use [property]=binding: (see https://g.co/ng/security#xss)

cure53 commented 2 months ago

Nothing that we can do here it seems, sorry.
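
Added example, not part of the thread and not DOMPurify or Angular code: a simplified TypeScript model of one way the reported text can end up above and below the content, assuming the loop from the first comment runs more than once over the same list so that an already wrapped value gets wrapped again. `SafeHtmlModel`, `bypassTrustModel`, `renderInnerHtml`, `trustInPlace`, `trustSeparately` and `demo` are hypothetical stand-ins, and the sample data is constructed.

```typescript
// Simplified model of Angular's SafeHtml wrapper (an assumption, not Angular source).
// Stringifying a wrapper instead of unwrapping it produces the text quoted in the issue.
class SafeHtmlModel {
  value: unknown;
  constructor(value: unknown) { this.value = value; }
  toString(): string {
    return `SafeValue must use [property]=binding: ${String(this.value)} (see https://g.co/ng/security#xss)`;
  }
}

// Stand-in for DomSanitizer.bypassSecurityTrustHtml: it only wraps, it never sanitizes.
function bypassTrustModel(value: unknown): SafeHtmlModel {
  return new SafeHtmlModel(value);
}

// Stand-in for an [innerHTML] binding: unwrap one layer, then stringify what is inside.
function renderInnerHtml(bound: unknown): string {
  return String(bound instanceof SafeHtmlModel ? bound.value : bound);
}

interface Conversation {
  channel: string;
  content: { text: unknown; trustedText?: SafeHtmlModel };
}

// Pattern from the issue: content.text is overwritten with the wrapper.
function trustInPlace(list: Conversation[]): void {
  for (const c of list) {
    if (c.channel === 'email' && c.content.text) {
      c.content.text = bypassTrustModel(c.content.text);
    }
  }
}

// Alternative: keep content.text a string and store the wrapper in a separate field,
// so repeated passes rebuild it from the raw string instead of nesting wrappers.
function trustSeparately(list: Conversation[]): void {
  for (const c of list) {
    if (c.channel === 'email' && typeof c.content.text === 'string') {
      c.content.trustedText = bypassTrustModel(c.content.text);
    }
  }
}

// Constructed sample data; `passes` models the loop running again on the same list.
function demo(trust: (l: Conversation[]) => void, passes: number): string {
  const list: Conversation[] = [{ channel: 'email', content: { text: '<b>hi</b>' } }];
  for (let i = 0; i < passes; i++) trust(list);
  return renderInnerHtml(list[0].content.trustedText || list[0].content.text);
}
```

In a real component, untrusted email HTML would go through `DOMPurify.sanitize()` before being marked trusted, since `bypassSecurityTrustHtml` performs no sanitization.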