0

Basically my problem is that when i fetch data using $http.get method of the AngularJS , the Json encoded data which is printed by the PHP doesnt render in the website instead it shows as plain text.. for ex when PHP prints <h3 class=\"someclass\">Hello World<\/div>" and also simultaneously i try to parse the JSON using JSON.parse but it gives me Syntax Error: Unexpected token o . Basically the received HTML markup is not rendered.. Its just as plain text.. See below:

enter image description here

The h3 tag that i rectangled in black doesn't render in the page. Even in the source you can see its not as a markup but as a plain text.

ChanX
  • 362
  • 3
  • 9
  • 26
  • Can you post the JSON so we can see what's wrong with that? – opatut Jan 22 '15 at 07:27
  • the json that php encoded is `Object {failData: "

    Write Your 1st Note !!

    "} controller.js:19`     – ChanX Jan 22 '15 at 07:37
  • That is no valid JSON. Assuming we're talking about parsing `{failData....}`, there is wrong quote nesting. The string `failData` is only `"

     – opatut Jan 22 '15 at 07:42

3 Answers3

0

There is a pretty good answer on escaping/not escaping HTML in angular here: https://stackoverflow.com/a/19417443/402551

It is a security feature that text injected into the DOM is not parsed as HTML, which saves you against some XSS attacks and the like. You have to manually ensure that it is rendered, so you need to think about the security implications yourself. Please familiarize yourself with XSS mechanisms and sanitize your input, before you bypass the escaping.

In general, Angular is designed in a way that you do not render any HTML server-side, just supply your frontend with the data and render there. This way, you won't have most of these problems. Please review, whether you can change that in your project.

Community
  • 1
  • 1
opatut
  • 6,708
  • 5
  • 32
  • 37
0

Use ng-bing-html to escape HTML content from the response,

While getting the response do as below,

$scope.temp_variable=$sce.trustAsHtml(response);

In your HTML display the value like this,

<div>
    <span ng-bind-html="temp_variable"></span>
</div>
opatut
  • 6,708
  • 5
  • 32
  • 37
Janaki Sathiyamurthy
  • 578
  • 1
  • 5
  • 21
0

To print an html data, Ned to include sanitize Module first http://ajax.googleapis.com/ajax/libs/angularjs/1.5.0/angular-sanitize.js

Then create a filter 

Rapp.filter('unsafe', function($sce) {
    return function(val) {
        return $sce.trustAsHtml(val);
    };
});

Then write the html as shown below 

<span ng-bind-html="myWelcome | unsafe"></span>
Syam kumar KK
  • 524
  • 2
  • 6
  • 32