0

I have an Angular service which returns SVGElements, and I'd like to include them in a template, but I'm having trouble inserting them into the template. I'm sure this is a common thing to do but all my Googling and RTFM'ing, has failed me.

Here's a minimal example (after calling ng init, of course):

[app.component.html]
<h1>
  {{title}}
  <div [innerHTML]="circle"></div>
  <div [innerHTML]=circle.outerHTML></div>
  <div >{{circle}}</div>
  <div >{{circle.outerHTML}}</div>
</h1>

, 

[app.componoent.ts]
import { Component } from '@angular/core';

// create an SVGElement
var svg_string  = '<svg xmlns="http://www.w3.org/2000/svg" height="100" width="100"> <circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" /> </svg>'
var parser = new DOMParser();
var circle_elt = parser.parseFromString(svg_string, "image/svg+xml").childNodes[0];

@Component({
  selector: 'app-root',
  templateUrl: './app.component.html',
  styleUrls: ['./app.component.css']
})
export class AppComponent {
  title = 'app works!';
  circle = circle_elt;
}

And what I get is a web page that displays the text: 

app works!
[object SVGSVGElement]
[object SVGSVGElement]
<svg xmlns="http://www.w3.org/2000/svg" height="100" width="100"> <circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red"/> </svg>

and in the console, there are messages stating:

"WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss)."

Roham Rafii
  • 2,929
  • 7
  • 35
  • 49
Jthorpe
  • 9,756
  • 2
  • 49
  • 64

1 Answers1

1

You need to apply the sanitizer:

constructor(private sanitizer:DomSanitizer){}

var circle_elt = this.sanitizer.bypassSecurityTrustHtml(
    parser.parseFromString(svg_string, "image/svg+xml").childNodes[0]
);

See also In RC.1 some styles can't be added using binding syntax

Community
  • 1
  • 1
Günter Zöchbauer
  • 623,577
  • 216
  • 2,003
  • 1,567