In Web front-end development, we often encounter the need to dynamically bind some HTML strings from the backend or dynamic splicing to the page DOM display, especially in the content management system (CMS: Content Management System) abbreviation), such needs are everywhere.
Readers of angular will definitely first think of ngBindHtml. Yes, angular provides us with this instruction to dynamically bind HTML. It will bind the calculated expression result to the DOM using innerHTML. However, the problem is not that simple. In Web security, XSS (Cross-site scripting, script injection attack) is a typical computer security vulnerability in Web applications. XSS attacks refer to injecting executable client-side code into web pages and successfully executing them by the browser to achieve the purpose of the attack, forming an effective XSS attack. Once the attack is successful, it may obtain some sensitive information of the user. Changing the user experience, inducing users and other illegal behaviors, sometimes XSS attacks are combined with other attack methods, such as SQL injection attacks on servers and databases, Click hijacking, relative link hijacking, etc. to implement phishing. The harm it brings is huge, and it is also a web The number one enemy of security. For more web security issues, please refer to the wiki https://en.wikipedia.org/wiki/Cross-site_scripting%E3%80%82
In angular, the default is not to believe the added HTML content. The added HTML content must first use $sce.trustAsHtml to tell angular that this is trustworthy HTML content. Otherwise you will get $sce:unsafe exception error.
Error: [$sce:unsafe] Attempting to use an unsafe value in a safe context.
The following is a demo that binds a simple angular link:
HTML:
<div ng-controller="DemoCtrl as demo">
<div ng-bind-html="demo.html"></div>
</div>JavaScript:
angular.module("com.ngbook.demo", [])
.controller("DemoCtrl", ["$sce", function($sce) {
var vm = this;
var html = '<p>hello <a href="https://angular.io/">angular</a></p>';
vm.html = $sce.trustAsHtml(html);
return vm;
}]);For simple static HTML, this The problem is solved. But for complex HTML, complexity here refers to HTML templates with angular expressions and instructions. For them, we not only hope to bind large DOM displays, but also hope to get angular's powerful two-way binding mechanism. ngBindHhtml will not be associated with $scope for two-way binding. If there are ngClick, ngHref, ngSHow, ngHide and other angular instructions in HTML, they will not be compiled. Clicking these buttons will not cause any reaction. The expression of binding The formula will not be updated. For example, if you try to change the last link to: ng-href="demo.link", the link will not be parsed, and the original HTML string will still be seen in the DOM.
To take effect, all instructions in angular need to go through compile. Compile contains pre-link and post-link, and is connected to specific behaviors before they can work. In most cases, compile will be automatically compiled when angular starts. But if it is a dynamically added template, you need to compile manually. Angular provides us with the $compile service to implement this function. The following is a more general compile example:
HTML:
<body ng-controller="DemoCtrl as demo">
<dy-compile html="{{demo.html}}">
</dy-compile>
<button ng-click="demo.change();">change</button>
</body>JavaScript:
angular.module("com.ngbook.demo", [])
.directive("dyCompile", ["$compile", function($compile) {
return {
replace: true,
restrict: 'EA',
link: function(scope, elm, iAttrs) {
var DUMMY_SCOPE = {
$destroy: angular.noop
},
root = elm,
childScope,
destroyChildScope = function() {
(childScope || DUMMY_SCOPE).$destroy();
};
iAttrs.$observe("html", function(html) {
if (html) {
destroyChildScope();
childScope = scope.$new(false);
var content = $compile(html)(childScope);
root.replaceWith(content);
root = content;
}
scope.$on("$destroy", destroyChildScope);
});
}
};
}])
.controller("DemoCtrl", [function() {
var vm = this;
vm.html = '<h2>hello : <a ng-href="{{demo.link}}">angular</a></h2>';
vm.link = 'https://angular.io/';
var i = 0;
vm.change = function() {
vm.html = '<h3>change after : <a ng-href="{{demo.link}}">' + (++i) + '</a></h3>';
};
}]);A directive called dy-compile is created here, which will first listen for bindings Changes in the value of the attribute html. When the html content exists, it will try to first create a subscope, and then use the $compile service to dynamically connect the incoming html and replace the current DOM node; the reason for creating the subscope here is It is convenient to destroy the scope easily every time the DOM is destroyed, remove the watchers function brought by HTML compile, and when the last parent scope is destroyed, it will also try to destroy the scope.
Because of the above compile compilation and connection, the ngHref instruction can take effect. Here is just an attempt to give an example of dynamic compile angular module. For specific implementation methods, please refer to your business to declare specific directives.
The above is the detailed content of How to dynamically bind HTML. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How do I minimize the size of HTML files?
Jun 24, 2025 am 12:53 AM
To reduce the size of HTML files, you need to clean up redundant code, compress content, and optimize structure. 1. Delete unused tags, comments and extra blanks to reduce volume; 2. Move inline CSS and JavaScript to external files and merge multiple scripts or style blocks; 3. Simplify label syntax without affecting parsing, such as omitting optional closed tags or using short attributes; 4. After cleaning, enable server-side compression technologies such as Gzip or Brotli to further reduce the transmission volume. These steps can significantly improve page loading performance without sacrificing functionality.
How has HTML evolved over time, and what are the key milestones in its history?
Jun 24, 2025 am 12:54 AM
HTMLhasevolvedsignificantlysinceitscreationtomeetthegrowingdemandsofwebdevelopersandusers.Initiallyasimplemarkuplanguageforsharingdocuments,ithasundergonemajorupdates,includingHTML2.0,whichintroducedforms;HTML3.x,whichaddedvisualenhancementsandlayout
How do I use the element to represent the footer of a document or section?
Jun 25, 2025 am 12:57 AM
It is a semantic tag used in HTML5 to define the bottom of the page or content block, usually including copyright information, contact information or navigation links; it can be placed at the bottom of the page or nested in, etc. tags as the end of the block; when using it, you should pay attention to avoid repeated abuse and irrelevant content.
How do I use the tabindex attribute to control the tab order of elements?
Jun 24, 2025 am 12:56 AM
ThetabindexattributecontrolshowelementsreceivefocusviatheTabkey,withthreemainvalues:tabindex="0"addsanelementtothenaturaltaborder,tabindex="-1"allowsprogrammaticfocusonly,andtabindex="n"(positivenumber)setsacustomtabbing
What is the declaration, and what does it do?
Jun 24, 2025 am 12:57 AM
Adeclarationisaformalstatementthatsomethingistrue,official,orrequired,usedtoclearlydefineorannounceanintent,fact,orrule.Itplaysakeyroleinprogrammingbydefiningvariablesandfunctions,inlegalcontextsbyreportingfactsunderoath,andindailylifebymakingintenti
How do I use the and elements to provide a caption for an image?
Jun 24, 2025 am 12:45 AM
The standard way to add titles to images in HTML is to use and elements. 1. The basic usage is to wrap the image in the tag and add a title inside it, for example: this is the title of the image; 2. The reasons for using these two tags include clear semantics, convenient style control, and strong accessibility, which helps the browser, crawler and screen readers to understand the content structure; 3. Notes include that it can be placed up and down but needs to maintain logical order, cannot replace the alt attribute, and can contain multiple media elements to form a whole unit.
What is the loading='lazy' one of the html attributes and how does it improve page performance?
Jul 01, 2025 am 01:33 AM
loading="lazy" is an HTML attribute for and which enables the browser's native lazy loading function to improve page performance. 1. It delays loading non-first-screen resources, reduces initial loading time, saves bandwidth and server requests; 2. It is suitable for large amounts of pictures or embedded content in long pages; 3. It is not suitable for first-screen images, small icons, or lazy loading using JavaScript; 4. It is necessary to cooperate with optimization measures such as setting sizes and compressing files to avoid layout offsets and ensure compatibility. When using it, you should test the scrolling experience and weigh the user experience.
How do I use the element to represent a section of navigation links?
Jun 24, 2025 am 12:55 AM
The key to using elements to represent navigation link areas is semantics and clear structure, usually in conjunction with organizational links. 1. The basic structure is to put the parallel links in and wrap them inside, which is friendly to auxiliary tools and is conducive to style control and SEO; 2. Commonly used in or, for placing main navigation or footer link collections; 3. A page can contain multiple areas, such as main menu, sidebar or footer independent navigation.
