2

I am getting a piece of html code from a http request to an external system , and I should show this on my view in my angular app

to be percise this is the html snippet that I have to show (it will be a bit different by every request and response )

<div 
  id='paysonContainer'
  url='https://test-www.payson.se/embedded/checkout?id=af1ebee5-40bd-410a-90d1-a94401553414'>
</div>

<script 
  type='text/javascript' 
  src='https://test-www.payson.se/embedded/Content/payson.js?v2'>
</script>

I used different solution suggestions like innerHtml , but non of them is working for me (maybe because I have some script tag in my html code)

I am getting the html snippet as an string to a component and want to append it to the view (for example to a div in the view)

Improve this question
9
  • That html code you are getting as string from response? then you can simply do like this stackblitz.com/edit/… Commented Aug 23, 2018 at 7:25
  • Don't you mean an Iframe?? stackblitz.com/edit/… Commented Aug 23, 2018 at 7:32
  • SPA aren't made to handle HTML code coming from the backend. Instead, consider making a custom script that make AJAX calls and declare it as an asset of your project. Commented Aug 23, 2018 at 7:44
  • @JavascriptLover-SKT yes , I am getting it as an string inside a component (updated the question) Commented Aug 23, 2018 at 7:48
  • @AshishRanjan you have removed the script tags - I have to add to the html code , exactly as it is. Iframe is not the solution for me Commented Aug 23, 2018 at 7:50

2 Answers 2

Reset to default
2

Can this script be wrapped in a div?

If yes, then simply use the [innerHTML] property binding syntax on an empty div and use the str as it's value.

After doing that though, you're going to get an unsafe scripts error which you can fix by passing it through the sanitize pipe that you can create like this:

import {
  Pipe,
  PipeTransform
} from '@angular/core';
import {
  DomSanitizer,
  SafeHtml
} from '@angular/platform-browser';

@Pipe({
  name: 'sanitize'
})
export class SanitizePipe implements PipeTransform {

  constructor(private sanitizer: DomSanitizer) {}

  transform(html: string): SafeHtml {
    return this.sanitizer.bypassSecurityTrustHtml(html);
  }
}

Creating a Pipe will help you reuse this logic at several places in your App.

And in your template, you can simply use the str as:

<div [innerHTML]="str | sanitize">
</div>

I was able to see any content from this div on the UI.

enter image description here

Even the Angular Documentation says the same.

Bypass security and trust the given value to be safe HTML. Only use this when the bound HTML is unsafe (e.g. contains tags) and the code should be executed. The sanitizer will leave safe HTML intact, so in most situations this method should not be used.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

yes , it can be wrapped in div or any other thing that you wish, but the content should be visibe. something like the content in this iframe stackblitz.com/edit/… it is the same problem that I have , content is not visible. I have not used the sanitizer but used the innerHtml and no content . will test your solution as well . will come back with the result
Okay. So does this answer help? If not, can you please update your question with the issue at hand after implementing my solution and let us know what's the issue you're facing at hand. If this solution helped you though, consider marking this as an answer.
I am not able to see any content , there is no exception but the div has no content
It does have content. You can inspect it and check. I did the same and I was able to see the content when I was inspecting. I wasn't able to see anything on the UI though.
it seems that I have to bypass not just html but also bypassSecurityTrustScript and bypassSecurityTrustUrl. Since I have html and script and url in my html snippet.
|
0

You can try using DOMSanitizer class

import {BrowserModule, DomSanitizer} from '@angular/platform-browser';

constructor(private sanitizer: DomSanitizer) {
    this.html = sanitizer.bypassSecurityTrustHtml('<div 
  id='paysonContainer'
  url='https://test-www.payson.se/embedded/checkout?id=af1ebee5-40bd-410a-90d1-a94401553414'>
</div>') ;
  }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.