Hi, is it possible to keep a specific data attribute with the DomSanitizer ?
For the moment I am doing these steps : 1. Extract the data-attribute with a regex from the html string, 2. Call the DomSanitizer on the html string, 3. Reinject the data-attribute in the sanitized html. 4. call DomSanitizer.bypassSecurityTrustHtml on the result of the previous step to obtain a SafeHtml instance. 5. Inject the result with: <div [innerHTML]="mySafeHtml"></div> It is working but I find this a little bit tricky so I would be interested by a more conventional solution. Subsidary question: what are the risks of an XSS attack with a data attribute (quoted and html encoded) ? Regards, Arnaud. -- You received this message because you are subscribed to the Google Groups "Angular and AngularJS discussion" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
