I am trying to load the iFrame on Angular2 . However the address is loaded dynamically .
The live code is : https://angular-fgzjog.stackblitz.io
Inside app.coponent.ts
<!-- this works -->
<p>
iframe address : {{iFrameSrc}}
</p>
<!--- this does not work -->
<div class="embed-responsive embed-responsive-16by9">
<iframe class="embed-responsive-item" [src]="iFrameSrc"></iframe>
</div>
Angular is sanitizing whatever you try to put into the iframe src to prevent unsafe content. Therefore you must sanitize your url to tell Angular that you intentionally add this url and that it is safe!
https://angular.io/api/platform-browser/DomSanitizer
So either add this logic to your component and call:
constructor(
private domSanitizer: DomSanitizer,
// ...
) // ...
this.safeiFrameSrc = this.domSanitizer.bypassSecurityTrustUrl(this.iFrameSrc)
<!-- template binding: -->
<div class="embed-responsive embed-responsive-16by9">
<iframe class="embed-responsive-item" [src]="safeiFrameSrc"></iframe>
</div>
Or you could also create a pipe:
@Pipe({
name: 'safe'
})
export class SafePipe implements PipeTransform {
constructor(protected sanitizer: DomSanitizer) {}
transform(value: string, type: string = 'url'): SafeHtml | SafeStyle | SafeScript | SafeUrl | SafeResourceUrl {
switch (type) {
case 'html':
return this.sanitizer.bypassSecurityTrustHtml(value);
case 'style':
return this.sanitizer.bypassSecurityTrustStyle(value);
case 'script':
return this.sanitizer.bypassSecurityTrustScript(value);
case 'url':
return this.sanitizer.bypassSecurityTrustUrl(value);
case 'resourceUrl':
return this.sanitizer.bypassSecurityTrustResourceUrl(value);
default:
throw new Error(`Unable to bypass security for invalid type: ${type}`);
}
}
}
<!-- usage: -->
<div class="embed-responsive embed-responsive-16by9">
<iframe class="embed-responsive-item" [src]="iFrameSrc | safe"></iframe>
</div>
This should resolve the issue!
