为什么 angular 的 $sanitize 不允许输入和按钮元素?
Why doesn't angular's $sanitize allow input and button elemnts?
我有一个关于 angular-sanitize($sanitize)[1] 的问题。
为什么它不允许输入和按钮元素?
示例代码:
$sanitize('<input/>') // ""
$sanitize('<button>A</button>') // ""
我查看了代码,发现存在硬编码的有效元素 [2]。我的问题更多关于 "Why they treat them as harmful elements"
谢谢!
[1] - https://github.com/angular/angular.js/blob/0822d34b10ea0371c260c80a1486a4d508ea5a91/src/ngSanitize/sanitize.js#L1
[2] - https://github.com/angular/angular.js/blob/0822d34b10ea0371c260c80a1486a4d508ea5a91/src/ngSanitize/sanitize.js#L265-L269
好的,看来我找到了问题的部分答案 - https://github.com/angular/angular.js/issues/5900
我有一个关于 angular-sanitize($sanitize)[1] 的问题。 为什么它不允许输入和按钮元素?
示例代码:
$sanitize('<input/>') // ""
$sanitize('<button>A</button>') // ""
我查看了代码,发现存在硬编码的有效元素 [2]。我的问题更多关于 "Why they treat them as harmful elements"
谢谢!
[1] - https://github.com/angular/angular.js/blob/0822d34b10ea0371c260c80a1486a4d508ea5a91/src/ngSanitize/sanitize.js#L1 [2] - https://github.com/angular/angular.js/blob/0822d34b10ea0371c260c80a1486a4d508ea5a91/src/ngSanitize/sanitize.js#L265-L269
好的,看来我找到了问题的部分答案 - https://github.com/angular/angular.js/issues/5900