W3cubDocs

/Angular.js 1.5

Improve this Doc View Source $sanitizeProvider

  1. $sanitize
  2. provider in module ngSanitize

Creates and configures $sanitize instance.

Methods

  • enableSvg([flag]);

    Enables a subset of svg to be supported by the sanitizer.

    By enabling this setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized svg elements could be positioned outside of the containing element and be rendered over other elements on the page (e.g. a login link). Such behavior can then result in phishing incidents.

    To protect against these, explicitly setup overflow: hidden css rule for all potential svg tags within the sanitized content:


      .rootOfTheIncludedContent svg {
        overflow: hidden !important;
      }
      

    Parameters

    Param Type Details
    flag
    (optional)
    boolean

    Enable or disable SVG support in the sanitizer.

    Returns

    booleanng.$sanitizeProvider

    Returns the currently configured value if called without an argument or self for chaining otherwise.

© 2010–2017 Google, Inc.
Licensed under the Creative Commons Attribution License 4.0.
https://code.angularjs.org/1.5.11/docs/api/ngSanitize/provider/$sanitizeProvider