3

Getting unsafe URL error in console while displaying an image in Angular 6

Here i am taking the image

<br>Primary Image <input type="file" (change)="readUrl($event)">

In the other component, I want my image to be shown 

<tr *ngFor="let x of response">
    <td>
        <img [src]="x.productPrimaryImage">
    </td>
</tr>

Method to get the path of the image.

readUrl(event) {
    this.productPrimaryImage = event.target.value;
}

WARNING: sanitizing unsafe URL value C:\Users\mayursinghal\Pictures\Screenshot (9).png (see http://g.co/ng/security#xss)

Improve this question

2 Answers 2

Reset to default
10

This is a warning given by Angular because your application can be exposed to XSS attacks. If you want to bypass this security warning, you need to first sanitize the URL to make it safe to display it in the UI. You can do this using the DomSanitizer (Source: docs).

Create a function to sanitize the image url in your component

import { DomSanitizer, SafeUrl } from '@angular/platform-browser';

...

constructor(private sanitizer: DomSanitizer) { }

sanitizeImageUrl(imageUrl: string): SafeUrl {
    return this.sanitizer.bypassSecurityTrustUrl(imageUrl);
}

Then in your template, call this function to sanitize your URL.

<tr *ngFor="let x of response">
    <td>
        <img [src]="sanitizeImageUrl(x.productPrimaryImage)" />
    </td>
</tr>

WARNING: calling bypassSecurityTrustUrl with untrusted image URLs exposes your application to XSS security risks!

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

getting null value in sanitizeImageUrl
Sorry, I forgot to show the part where you need to add DomSanitizer to the constructor. Check out the updated answer.
getting error "Not allowed to load local resource: file:///D:/1.jpg"
This is your Chrome browser giving you an error. You should be ideally using cloud storage or host the images in some server and make your API return a relative path which along with the server path should give you the actual image. If you are using this particular method of getting the absolute image path to a local resource, maybe the plugin in this answer might help you out. (stackoverflow.com/a/46480984/9739129).
Note: you cannot deploy anywhere using this image path and this method should be used only for testing or practicing. Else I suggest you use another method (I have mentioned some of them in the previous comment).
|
-2

First, you are providing absolute path which will simply stop working after deployment. Move your images inside project and use relative urls like /images/Screenshot (9).png

Secondly, youse [src] instead

<img [src] = "x.productPrimaryImage">
Improve this answer

3 Comments

i am adding my imge path in database then showing the image on other page by get api
Moving images inside the project is not (if ever) a viable solution to the problem.
Its just cannot be absolute path of your local files system, it must be web accessible.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.