How to set without causing `unsafe value` exception?

by

Update v8

Below answers work but exposes your application to XSS security risks!.
Instead of using this.domSanitizer.bypassSecurityTrustResourceUrl(url), it is recommended to use this.domSanitizer.sanitize(SecurityContext.URL, url)

Update

For RC.6^ version use DomSanitizer

Plunker

And a good option is using pure pipe for that:

import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer} from '@angular/platform-browser';

@Pipe({ name: 'safe' })
export class SafePipe implements PipeTransform {
  constructor(private domSanitizer: DomSanitizer) {}
  transform(url) {
    return this.domSanitizer.bypassSecurityTrustResourceUrl(url);
  }
}

remember to add your new SafePipe to the declarations array of the AppModule. (as seen on documentation)

@NgModule({
   declarations : [
     ...
     SafePipe
   ],
})

html

<iframe width="100%" height="300" [src]="url | safe"></iframe>

Plunker

If you use embed tag this might be interesting for you:

Old version RC.5

You can leverage DomSanitizationService like this:

export class YourComponent {
  url: SafeResourceUrl;
  constructor(domSanitizationService: DomSanitizationService) {
    this.url = domSanitizer.bypassSecurityTrustResourceUrl('your url');
  }
}

And then bind to url in your template:

<iframe width="100%" height="300" [src]="url"></iframe>

Don’t forget to add the following imports:

import { SafeResourceUrl, DomSanitizationService } from '@angular/platform-browser';

Plunker sample

More Related Contents:

  1. How to dynamically create bootstrap modals as Angular2 components?
  2. How should I use the new static option for @ViewChild in Angular 8?
  3. Stop mouse event propagation
  4. How to make HTTP request at an interval?
  5. Angular2 innerHtml binding remove style attribute [duplicate]
  6. How to call an rest api while bootstrapping angular 2 app
  7. Angular – shared service between components doesn’t work
  8. How to detect when an @Input() value changes in Angular?
  9. Catching errors in Angular HttpClient
  10. Services depending on each other
  11. Passing Data with Subjects and Proxies
  12. How to import Angular Material in project?
  13. Is it possible to use a pipe in the code? [duplicate]
  14. Angular 2: getting RouteParams from parent component
  15. Angular 4 Pipe Filter
  16. Array of formGroup within mat-table for each row
  17. angular2 – infinite loop when i call method from a Angular 2 class inside template
  18. Multiple layouts for different pages in Angular 2
  19. Angular 2 + Ionic 2: Detect if an object was modified
  20. Http.get() working but not working in build(Release/Debug) in Ionic 4
  21. Change Detection issue — Why is this changing when it’s the same object reference with On Push
  22. Angular2 ngFor OnPush Change Detection with Array Mutations
  23. How to Using a FormArray in a FormGroup
  24. How to validate white spaces/empty spaces? [Angular 2]
  25. Style html,body from web component (Angular 2)
  26. How to create variable in ngFor loop?
  27. Angular2 Routing – keeping state of component when route changes [duplicate]
  28. How to send 1000 XHTTP Requests with maximum number of parallel requests
  29. `[(ngModel)]` vs `[(value)]`
  30. Angular Material2 theming – how to set app background?

Leave a Comment