Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

angular-sanitize.js strips id attribute for img tag #11942

Closed
poonambaviskar opened this issue May 26, 2015 · 2 comments
Closed

angular-sanitize.js strips id attribute for img tag #11942

poonambaviskar opened this issue May 26, 2015 · 2 comments

Comments

@poonambaviskar
Copy link

Can we just include 'id' in the whitelist, i.e htmlAttrs variable in angular-sanitize.js?? Doing this does not remove id attribute from img tag.

@petebacondarwin
Copy link
Contributor

It looks like the commit that put this in (2bbced2) does not give the reasoning.

In #8719, @caitp suggests that it might have simply been to remove duplicate name and id values...

@mhevery
Copy link
Contributor

mhevery commented Jun 23, 2015

the reason why we strip out id and name is that browsers put them on window

<div id="angular"> would overwrite the window.angular with an element. This is considered a security issue and so we don't allow it.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

5 participants