angular_interpolate

发表于 | 更新于 | 评论数: | 阅读次数:

angular 插值

angular interpolate

1
2
3
4
5
6
7
8
9
// Concatenating(连接) expressions makes it hard to reason about whether some combination of
// concatenated values are unsafe to use and could easily lead to XSS.  By requiring that a
// single expression be used for iframe[src], object[src], etc., we ensure that the value
// that's used is assigned or constructed by some JS code somewhere that is more testable or
// make it obvious that you bound the value to some user controlled value.  This helps reduce
// the load when auditing for XSS issues.
if (trustedContext && concat.length > 1) {
    $interpolateMinErr.throwNoconcat(text);
}

什么时候报错呢?

像ng-src=”img/“就会报错了

1
2
3
4
5
6
7
8
9
10
11
12
var $interpolateMinErr = angular.$interpolateMinErr = minErr('$interpolate');
//https://segmentfault.com/q/1010000007677889?_ea=1423254
$interpolateMinErr.throwNoconcat = function(text) {
throw $interpolateMinErr('noconcat',
    "Error while interpolating: {0}\nStrict Contextual Escaping disallows " +
    "interpolations that concatenate multiple expressions when a trusted value is " +
    "required.  See http://docs.angularjs.org/api/ng.$sce", text);
};

$interpolateMinErr.interr = function(text, err) {
return $interpolateMinErr('interr', "Can't interpolate: {0}\n{1}", text, err.toString());
};

参考资料:
AugularJS通过服务器请求图片时总是报错 $interpolate:noconcat
浅谈AngularJS的$interpolate服务 1

欢迎关注我的公众号:沉迷Spring
显示 Gitment 评论
0%