$sanitizeProvider – $sanitize – provider in module ngSanitize

Creates and configures $sanitize instance.

Methods

  • enableSvg([regexp]);

    Enables a subset of svg to be supported by the sanitizer.

    By enabling this setting without taking other precautions, you might expose your application to click-hijacking attacks. In these attacks, sanitized svg elements could be positioned outside of the containing element and be rendered over other elements on the page (e.g. a login link). Such behavior can then result in phishing incidents.

    To protect against these, explicitly setup overflow: hidden css rule for all potential svg tags within the sanitized content:

    
      .rootOfTheIncludedContent svg {
        overflow: hidden !important;
      }
      
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s