我想知道和之间ng-bind的区别。ng-bind-htmlng-bind-html-unsafe
此外,当我在下面运行代码时,我收到如下所述的错误:
代码 :
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>HTML Injection Security in AngularJS</title>
<script type="text/javascript" src="/js/angular.js"></script>
<script type="text/javascript">
angular.module("myApp", []).controller("myController",function($scope)
{
$scope.getValue = function()
{
return "<b>Hello World</b>";
};
});
</script>
</head>
<body>
<div ng-app="myApp" ng-controller="myController">
<span ng-bind-html="getValue();"></span>
<span>Normal Text</span>
</div>
</body>
</html>
错误 :
错误:[$sce:unsafe] 试图在安全上下文中使用不安全值。 http://errors.angularjs.org/1.3.11/ $sce/unsafe 在 REGEX_STRING_REGEXP ( https://www.angularapprj.com:4443/js/angular.js:63:12 ) 在 htmlSanitizer ( https:// www.angularapprj.com:4443/js/angular.js:15053:13 ) 在 getTrusted ( https://www.angularapprj.com:4443/js/angular.js:15217:16 ) 在 Object.$get.sce .(匿名函数) [as getTrustedHtml] ( https://www.angularapprj.com:4443/js/angular.js:15897:16 ) 在 Object.ngBindHtmlWatchAction [as fn] ( https://www.angularapprj.com :4443/js/angular.js:20449:29 ) 在 Scope.$get.Scope.$digest (https://www.angularapprj.com:4443/js/angular.js:14230:29 ) 在 Scope.$get.Scope.$apply ( https://www.angularapprj.com:4443/js/angular.js :14493:24 ) 在 BootstrapApply ( https://www.angularapprj.com:4443/js/angular.js:1449:15 ) 在 Object.invoke ( https://www.angularapprj.com:4443/js/angular .js:4182:17 ) 在 doBootstrap ( https://www.angularapprj.com:4443/js/angular.js:1447:14 )
这是什么意思?我知道在命令式代码中使用声明性代码不是一个好习惯,尽管我只是在尝试使用<b>Hello World</b>inng-bind-html指令。
