Use of bypassSecurityTrustResourceUrl is giving SafeValue must use [property] in result

Question

i am tring to parse images using bypassSecurityTrustResourceUrl but in output I am getting

SafeValue must use [property]=binding: data:image/jpeg;base64,(actual data) (see http://g.co/ng/security#xss)

as shown in below image

Here is my code

  loadImages(): void {
    this.projectsDetailService.getById(this.param_id).
    subscribe((data: any) => {
      console.log("Step 1")
      this.projectList = data;
      for (var index in this.projectList) {
        this.images = this.projectList[index].img;
        this.objectURL = 'data:image/jpeg;base64,' + this.images;
        this.thumbnail1 = this.sanitizer.bypassSecurityTrustResourceUrl(this.objectURL);
        this.projectList[index].img = this.thumbnail1;
        console.log("Data is "+this.thumbnail1);

      }
       
      
      }
       );
      }

even i am tring to use it in html file i am getting the following error

score 0 · Answer 1 · answered Jan 01 '21 at 13:09

0

As mentioned in the error description, you have to use property binding way to get rid of this error. Take a look at the exact solution by Günter Zöchbauer here. Safe value must use [property]=binding after bypass security with DomSanitizer

answered Jan 01 '21 at 13:09

Ankit Choudhary

145
2
13

Use of bypassSecurityTrustResourceUrl is giving SafeValue must use [property] in result

1 Answers1