-
Notifications
You must be signed in to change notification settings - Fork 27.5k
AngularJS - Generating dynamic image map #8719
Comments
@nmusmani if you want this HTML to inserted as-is by AngularJS binding you need to mark is as trusted: |
…ch reserved words Currently if a reserved word occurs anywhere within the aliasAs identifier, we throw. This CL fixes this behaviour by allowing these identifiers, since they are technically perfectly valid. Closes #8719
I totally closed the wrong issue. derp |
@pkozlowski-opensource do you know if there's a good reason why we'd remove |
@caitp actually now that you ask the question I starting to wonder what harm leaving out names can do. Will dig into later today, unless someone else is faster :-) |
So, it looks like a deliberate choice to remove name, id and style attributes in 2bbced2, we've got still test that verify this: angular.js/test/ngSanitize/sanitizeSpec.js Line 293 in d713ad1
I guess we don't need to discuss possible attacks enabled by leaving out those attributes here.... |
The test case that was added says the changes were suggested by "evn", but there's no link to an issue and I can't find it, so it's hard to say what they're talking about. I don't think this is really a security issue, it's probably just to prevent you from accidentally including duplicates, which seems a bit silly |
Yeh, 2bbced2 is almost 4 years old... Conventional changelog approach wasn't in place at the time (btw: every time I bump into a commit that doesn't follow conventional changelog I realise how great it is). |
Humm, I think avoiding duplicates by default with ngSanitize is probably the right thing to do. Unless someone disagrees, I think this is a good place to use a custom module or just |
I am getting image map from the server and trying to display contents using ng-bind-html. while rendering AngularJS removes name attribute from map tag. Therefore user clicks are not affective in map.
Sample: http://plnkr.co/edit/j5ylalmEabQH7GonOB4C?p=preview
angular.module('imgMapExample', ['ngSanitize'])
.controller('ExController', ['$scope', function($scope) {
The text was updated successfully, but these errors were encountered: