Open mixuala opened 5 years ago
Hey guys, any updates on this? I am facing it now as well
Having the same issue... cannot use ion-img because of that.
This is an issue for me now too. It makes it impossible to use Pipes to transform urls which is quite common for dom sanitisation.
Same problem here. Must be an easy fix. Please, fix it.
Me too
any updates on this issue?
Have the same problem. Anything new?
Thanks for the issue. I can reproduce the issue. The problem here is that using one of the sanitizer methods to eject from the sanitizer returns an object, not the url string.
As a result, when you pass the bypassed value to ion-img
, ion-img
receives an object and so the image does not load. Angular unwraps this automatically, but it looks like there needs to be something else done so that it will work with ion-img
.
till now , this bug is not fixed. already 2yrs to be over lol.
Bug Report
Ionic version:
[x] 4.x
Current behavior: ionImg (used together with ionVirtualScroll) does not work with src values that have been sanitized using
safeUrl = domSanitizer.bypassSecurityTrustUrl(url);
. It throws and error like"capacitor://localhost/SafeValue must use [property]=binding: capacitor://localhost/_capacitor_file_/Users/user/Library/.../Library/Caches/img/C409D956-DE09-406D-A7EF-3207DF705B64-L0-001~100x100.JPG (see http://g.co/ng/security#xss)
This probably happens because
ionImg
outputs IMG.src without using[src]=binding
.see: https://github.com/ionic-team/ionic/blob/master/core/src/components/img/img.tsx
Expected behavior: It should display the sanitized url, the same as the
HTMImageElement
.Steps to reproduce: see above
Related code: https://stackblitz.com/edit/ionic-v4-angular-tabs-6um4j8
Other information:
Ionic info: