Sanitize url in an object rather than single url

Question

I have an object having success, summary and detail elements used for displaying message in PrimeNG message (p-messages) after record is created. After record is created I call displayMessage method in order to set msg variable

form.ts:

...
this.displayMessage(data);

baseForm.ts:

displayMessage(data: string) {
    var success = data["success"];
    var summary = data["summary"];        
    var detail = data["detail"]; // <a href="http:/.... ">name</a>
    this.msg.push({ success: success, summary: summary, detail: detail });
}

and then display message as shown below in html:

<p-messages [value]="msg"></p-messages>

However, the hyperlink tag “<a” is changed to “<a” and I think I need to sanitize the url by using something as explained on Angular 6 sanitize local drive url. Although I tried to use that method, I did not succeed because I need to sanitize the url in the detail variable and the related method is on the base class. So, how can I make the url display correctly? And what changes should be made in the given example?

Inside data['detail'] do you only have the url string (`http://....` ) or the html a element (`name`) ? — gbalduzzi, Jul 20 '20 at 15:43
On the other hand, I debugged hyperlink until it come to html and the hyperlink sees to be ok. But in the html page, it is changed. — , Jul 20 '20 at 15:46

score 1 · Accepted Answer · answered Jul 20 '20 at 15:45

1

You must tell primeNG not to escape the detail:

<p-messages [value]="msg" [escape]="false"></p-messages>

answered Jul 20 '20 at 15:45

gbalduzzi

9,356
28
58

**You rock!..** Where have you been? I have look at many pages regarding to the problem and have not seen any solution even if more difficult one comparing to your solution :) It is very simple and elegant, voted++ ;) – Jul 20 '20 at 15:51
2

I just googled for the [official documentation](https://www.primefaces.org/primeng/showcase/#/messages) – gbalduzzi Jul 20 '20 at 15:52
If the answer is correct you should mark it as accepted, unless you want to wait for more answers – gbalduzzi Jul 20 '20 at 15:53
1

Of course will mark it answer, but I have to wait some minutes as SO does not let me mark as answer. Now it is OK. – Jul 20 '20 at 15:54
What is escape meaning in here? Escape from some characters? – Jul 20 '20 at 15:55
1

If you enable escaping, HTML custom symbols (such as `<`, `>`) are escaped, i.e. trasformed in a way that browsers does not treat them as HTML symbols but at a normal text. Without escaping, it would be impossibile to print `<` in a page. See https://en.wikipedia.org/wiki/Character_encodings_in_HTML#XML_character_references – gbalduzzi Jul 20 '20 at 16:06

Sanitize url in an object rather than single url

1 Answers1