Hi Clement,

The best thing you can do is convince your UI guy he is _very_ mistaken by 
disabling SCE. 
Send him info on how XSS works, and explain what can happen. 
Also, and this is very important for your future!, let him sign off a 
disclaimer that you are not taking responsibility for that decision.
With that out of the way, using ngSanitize is what you can, and should do 
in this case!
You can use it along with $sce; its purpose is a bit different.
$sce prevents anything that's not 'valid' from rendering. (Oversimplifying 
here!)
ngSanitize processes an HTML string, and takes out anything that can be 
dangerous, leaving a 'safer' HTML string. 
(you can then use $sce.trustAsHtml(resultingString) to put it in your view)

Does that help?
Regards
Sander
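
As an added illustration of the flow described above (example code, not from the original thread and not AngularJS's own implementation): a controller that pipes user-supplied markup through $sanitize and then $sce.trustAsHtml, run stand-alone against a simplified stand-in for ngSanitize's sanitizer. The tag/attribute whitelist, CommentController and the sample input are constructed for this example; in a real app $sanitize comes from the ngSanitize module.

```javascript
// Simplified stand-in for ngSanitize's $sanitize (constructed for this example; the real
// one parses HTML properly and has a much larger whitelist). It keeps only known-safe
// tags/attributes, drops script/style blocks and event handlers, and rejects javascript: URLs.
const ALLOWED_TAGS = new Set(['p', 'b', 'i', 'em', 'strong', 'a', 'ul', 'ol', 'li', 'br']);
const ALLOWED_ATTRS = new Set(['href', 'title']);
const SAFE_URL = /^(https?:|mailto:|\/|#)/i;

function sanitizeHtml(html) {
  // Remove script/style elements together with their contents.
  let out = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, '');
  // Rewrite every remaining tag, keeping only whitelisted tags and attributes.
  return out.replace(/<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g, (whole, name, attrs) => {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return '';      // unknown tag (img, iframe, ...): strip the tag
    if (whole.startsWith('</')) return `</${tag}>`;
    const kept = [];
    const attrRe = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let m;
    while ((m = attrRe.exec(attrs)) !== null) {
      const attr = m[1].toLowerCase();
      const value = (m[3] ?? m[4] ?? m[5] ?? '').trim();
      if (!ALLOWED_ATTRS.has(attr)) continue;   // drops onclick, onerror, style, ...
      if (attr === 'href' && !SAFE_URL.test(value)) continue; // drops javascript: links
      kept.push(`${attr}="${value.replace(/"/g, '&quot;')}"`);
    }
    return `<${tag}${kept.length ? ' ' + kept.join(' ') : ''}>`;
  });
}

// Controller in the shape AngularJS expects; $sanitize (ngSanitize) and $sce (core) are injected.
function CommentController($scope, $sanitize, $sce) {
  $scope.render = function (rawHtml) {
    const cleaned = $sanitize(rawHtml);            // 1. strip dangerous markup
    $scope.safeHtml = $sce.trustAsHtml(cleaned);   // 2. mark the cleaned string as trusted for ng-bind-html
    return cleaned;
  };
}
CommentController.$inject = ['$scope', '$sanitize', '$sce'];

// Stand-alone run with a fake $sce (records what was trusted) and the stand-in sanitizer.
function demo() {
  const scope = {};
  const fakeSce = { trustAsHtml: (s) => ({ trusted: s }) };
  CommentController(scope, sanitizeHtml, fakeSce);
  const constructedInput = '<p onclick="steal()">Hi <a href="javascript:alert(1)">x</a> <b>bold</b>'
    + '<script>steal()</script></p><img src=x onerror=steal()>';
  return scope.render(constructedInput);   // '<p>Hi <a>x</a> <b>bold</b></p>'
}
```

The same controller wired into a real module would use ngSanitize's $sanitize in place of sanitizeHtml, and the view would bind $scope.safeHtml with ng-bind-html.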

-- 
You received this message because you are subscribed to the Google Groups 
"AngularJS" group.