2

In my application i'm loading a youtube vedio into a iframe. I have sanitized the url. But the src attribute doesnt load when i run the application.

below is the html:

<a [href]="data.url" target="_blank" *ngIf="data.contentTypeString=='YOUTUBE_VIDEO' && data.url != null">
            <div class="embed-responsive embed-responsive-16by9">
                <iframe *ngIf="data.contentTypeString=='YOUTUBE_VIDEO'" 
                        class="embed-responsive-item" 
                        src="{{data.url}}"></iframe>
            </div>
        </a>

below is the screenshot when i run the same: enter image description here

The src just wont load i have tried with [src]=data.url.

Below is the method i'm using to sanitize the url:

public manageYoutubeUrl(url: any) {
        console.log("url====" + url);
        var youtubeUrl = this.sanitize.bypassSecurityTrustUrl(url.replace('watch?v=', 'embed/').replace('http://', 'https://')+"?wmode=opaque&rel=0&autohide=1&showinfo=0&wmode=transparent");
        console.log("youtubeUrl=====" + youtubeUrl);
        return youtubeUrl;
    }

When i check the log for youtubeURL it's comming like this:

youtubeUrl=====SafeValue must use [property]=binding: https://www.youtube.com/embed/l-103taCWOQ?wmode=opaque&rel=0&autohide=1&showinfo=0&wmode=transparent (see http://g.co/ng/security#xss)

ERROR Error: Required a safe ResourceURL, got a URL (see http://g.co/ng/security#xss) at DomSanitizerImpl.checkNotSafeValue (

Please guide. Thanks.

Improve this question
3
  • 1
    it think it is down to DomSanitization issue @Shruti Commented Sep 20, 2017 at 11:08
  • See your console, is there an error? See this answer: stackoverflow.com/a/46303484/1791913 Commented Sep 20, 2017 at 11:08
  • [src]="data.url" Commented Sep 20, 2017 at 11:09

1 Answer 1

Reset to default
6

You need to do some thing like this

TS

 import { DomSanitizer } from '@angular/platform-browser';

 this.current_url=this.sanitizer.bypassSecurityTrustResourceUrl(url)

Template

<iframe id="frame" frameborder="0" [src]="current_url"></iframe>

Update After comment

Just do some thing like [src]="current_url" or [attr.src] = ""

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

i have updated my question with the sanitiz method and error
then you just do some thing like [src] = "url". you should update the question with the whole method as this is the first point of failure .
:I have done everything that you are telling but its still not working
try and use the embed url instead of the regular one https://www.youtube.com/embed/video-ID @ShrutiNair
I have the same problem as well.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.