收到危险的 URL 清理错误
Receiving dangerous URL error with sanitization
我有一个 Angular 模板,它加载带有动态 URL 的 iframe。尽管对 URL 进行了清理,但我仍然收到错误消息:
ERROR Error: Required a safe ResourceURL, got a URL
我错过了什么?
component.ts
/**
* Renders iframe for client to sign electronically by forming the URL based on the chosen externalDocument.
* @param externalDocument
*/
selectDocument(externalDocument: IExternalDocument) {
let document = new ExternalDocument(externalDocument)
let url = document.url
url = url.replace("INSERT_FIRSTNAME_HERE", this.firstName)
url = url.replace("INSERT_LASTNAME_HERE", this.lastName)
url = url.replace("INSERT_EMAIL_HERE", this.email)
this.formattedUrl = url
}
component.html
<div style="display:block;margin:auto;padding:0;border:0;outline:0;font-size:12px!important;color:#AAA!important;vertical-align:baseline;background:transparent;width:90%;">
<iframe frameborder="0" height="900" scrolling="yes" [src]="sanitizer.bypassSecurityTrustUrl(formattedUrl)" width="100%"></iframe>
</div>
看看 bypassSecurityTrustResourceUrl 是否可以代替 bypassSecurityTrustUrl
我有一个 Angular 模板,它加载带有动态 URL 的 iframe。尽管对 URL 进行了清理,但我仍然收到错误消息:
ERROR Error: Required a safe ResourceURL, got a URL
我错过了什么?
component.ts
/**
* Renders iframe for client to sign electronically by forming the URL based on the chosen externalDocument.
* @param externalDocument
*/
selectDocument(externalDocument: IExternalDocument) {
let document = new ExternalDocument(externalDocument)
let url = document.url
url = url.replace("INSERT_FIRSTNAME_HERE", this.firstName)
url = url.replace("INSERT_LASTNAME_HERE", this.lastName)
url = url.replace("INSERT_EMAIL_HERE", this.email)
this.formattedUrl = url
}
component.html
<div style="display:block;margin:auto;padding:0;border:0;outline:0;font-size:12px!important;color:#AAA!important;vertical-align:baseline;background:transparent;width:90%;">
<iframe frameborder="0" height="900" scrolling="yes" [src]="sanitizer.bypassSecurityTrustUrl(formattedUrl)" width="100%"></iframe>
</div>
看看 bypassSecurityTrustResourceUrl 是否可以代替 bypassSecurityTrustUrl