Closed Schaussi closed 6 years ago
@Schaussi the only element that will pass scripts into the page is the type template.
{
"type":"template",
"template":"<a href='#' onclick='alert(\"sup bro?\"); return false;' >Test</a>"
}
The other fields are all being passed by AngularJS $sanitize
which you can pass config to and allow elements to be whitelisted, I haven't tested it but I would expect it to work.
Thank you for your hints.
In my special case, I ended up with this approach:
<a href="#test">test</a>
window.setTimeout(meow, 8000); function meow() { var link = $('a[href="#test"]'); link.click(testfunction); };
I know it's not the best way to achieve this, but for my needs it works fine.
Glad you found a workable solution for your case :)
Please comment if you want to re-open but I will close now for housekeeping purposes.
Enhancement
As a developer, when I use HTML links in the schema definition's description properties, I should be able to use attributes like "onClick" or "id".
Expected behaviour
Using e.g. this line in schema config,
"description": "<a href='test' id=\"testID\" ng-click='testClick' onclick='testClick2()' title='testTitle'>Testlinktext</a>"
I expected this output:
<a href='test' id=\"testID\" ng-click='testClick' onclick='testClick2()' title='testTitle'>Testlinktext</a>
Actual behaviour
Actual output:
<a title="testTitle" href="test">Testlinktext</a>
It seems like some additional attributes are deleted somewhere, but others like "title" or "href" seem to be allowed. Especially the "id" attribute would be important for me. Please give me some hints how to solve this. Thank you!
@json-schema-form/angular-schema-form-lead