0

I wonder how can I achieve my goal in a clean way. Here's the problem: In my angular view I want to have the following code block to explain to my customers how to set up an embeded plugin

In angular(5.X) view

  <code>
    <script src="https://plugin.example.io"></script>
    <script>
      const myBot = new Bot({{ uid }}) // Here I want to inject the `uid` var coming from my angular controller
    </script>
  </code>

Of course I don't want the code to be interpreted but just displayed as a code block should do.

Problem is that angular sanitizes view before rendering it to avoid security issues. However I thought of sanitizer.bypassSecurityTrustHtml() but problem is how to inject my uid and remains the code clean ?

Is there any known directive that can make the trick ?

Thank you.

Improve this question
1
  • 1
    Rather than use literal carets, < you can use the html entity &lt;: &lt;script src=""&gt;&lt;/script&gt; Commented Jan 30, 2018 at 15:14

1 Answer 1

Reset to default
1

You can try and encode special HTML entities like :

&lt;script src="https://plugin.example.io"&gt;&lt;/script&gt;

will be rendered in the view as :

<script src="https://plugin.example.io"></script>

but not interpreted.

Edit

I guess even just the first characted should do the trick and prevent the whole thing from being interpreted.

&lt;script src="https://plugin.example.io"></script>

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Not the most beautiful thing I ever done but works like a charm
A man's gotta do what he's gotta do :) (Please mark the answer as correct if it solved your problem)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.