Why is my Angular escaping HTML, and how can I get it to pass trusted raw data?

Question

I have a modification of the phonecat app from an AngularJS tutorial. However, depending on which lines I comment out, it either displays THs with images or doesn't populate that area of my page.

My code, among other permutations, is:

        <table border="0" id="book-list">
            <tbody>
                <tr ng-repeat="book in books | filter:query">
                    <th>
                        <a ng-href = "{{ book.url }} "><img ng-src="{{ book.cover }}"></a>
                    </th>
                    <td>
                        <!--
                        <p>{{ book.links }}</p>
                        <p>{{ book.snippet }}</p>
                        -->
                        <p ng-src="{{ book.links }}"></p>
                        <p ng-src="{{ book.snippet }}"></p>

                    </td>
            </tbody>
       </table>

The {{ book.links }} in particular escapes HTML, and I would like to pass the raw, unescaped HTML string (which I am the sole author for), instead of an escaped HTML string.

(I'm intentionally leaving out further details in the interest of preventing spam. If someone asks for a relevant XYZ, I should be able to post it.)

So you want to [bind HTML](https://docs.angularjs.org/api/ng/directive/ngBindHtml)? — jonrsharpe, Jul 15 '16 at 09:01
http://stackoverflow.com/questions/14761724/angularjs-insert-html-from-a-string — Clyde Lobo, Jul 15 '16 at 09:02

score 2 · Accepted Answer · answered Jul 15 '16 at 09:03

2

Try using ng-bind-html="book.links"

It sanitizes the ressource first so it can be truly trusted

More details here https://docs.angularjs.org/api/ng/directive/ngBindHtml

answered Jul 15 '16 at 09:03

Sami Triki

408
3
7

Why is my Angular escaping HTML, and how can I get it to pass trusted raw data?

1 Answers1