What is the use of having $sce or Strict Contextual Escaping in AngularJS, and why does React not need it?

I am puzzled by the fact that I really cannot see the true security benefit of having SCE in AngularJS (even after reading the documentation), and I am wondering why React does not need such SCE?

So, to restate the question:

  • What are the benefits of SCE?
  • Why does Angular do this but not React?
+4
1 answer

React, {text}, , . . dangerouslySetInnerHTML={{__html: text}}, text, , :)

Angular . , , HTML , . $sce - , , React dangerouslySetInnerHTML, , Angular, {sceWrappedText} . , , , .

$sce , parseAsHtml, HTML . , $sanitize , ng-click ..

: $sce, dangerouslySetInnerHTML , , ( ) HTML. , . , :

:

:

$scope.text = '<b>foo</b>';

:

<div>{{text}}</div>

"Hello, <b>foo</b>!"

$scope.text = $sce.trustAsHtml('<b>foo</b>');

"Hello, foo!"

React dangerouslySetInnerHTML, <div dangerouslySetInnerHTML={{__html: '<b>foo</b>'}} /> "Hello, foo!" <div>{'<b>foo</b>'}</div> .

+9
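
The snippets in the answer above contrast a plain string with one wrapped by $sce.trustAsHtml. The following is an added example, not part of the original answer and not AngularJS or React source: a simplified model of that idea, in which the text context always escapes and the HTML context accepts only explicitly wrapped values. The names TrustedHtml, bindText, bindHtml and render are hypothetical; trustAsHtml mirrors the name used in the answer.

```javascript
'use strict';
// Simplified model of strict contextual escaping; not AngularJS source code.

// Wrapper type: the only way to mark a string as trusted HTML.
class TrustedHtml {
  constructor(html) { this.html = html; }
}

function trustAsHtml(html) {
  return new TrustedHtml(String(html));
}

// Entity-encode the characters that would let a string be parsed as markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Text context, like {{text}} in AngularJS or {text} in React:
// the value is always escaped, so markup is displayed and never parsed.
function bindText(value) {
  const raw = value instanceof TrustedHtml ? value.html : value;
  return escapeHtml(raw);
}

// HTML context, like ng-bind-html or dangerouslySetInnerHTML:
// only values explicitly wrapped by trustAsHtml are accepted.
// (AngularJS with ngSanitize loaded sanitizes plain strings instead of rejecting.)
function bindHtml(value) {
  if (value instanceof TrustedHtml) return value.html;
  throw new Error('unsafe value used in an HTML context');
}

// Hypothetical helper: render the "Hello, ...!" template from the answer.
function render(binder, value) {
  try {
    return '<div>Hello, ' + binder(value) + '!</div>';
  } catch (e) {
    return 'REJECTED: ' + e.message;
  }
}

// Sample value taken from the answer's snippets.
const text = '<b>foo</b>';
console.log(render(bindText, text));               // markup shown as text
console.log(render(bindHtml, text));               // rejected: not marked trusted
console.log(render(bindHtml, trustAsHtml(text)));  // inserted as HTML
```

The point of the wrapper is that every place where raw HTML reaches the page is an explicit trustAsHtml call, which can be found and reviewed, in the same way that dangerouslySetInnerHTML can be searched for in a React code base.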

Source: https://habr.com/ru/post/1629913/

