I need to accept html input (template) from user. I need to then compile it using angular's $interpolate function. So when I get the html from user, I do this.
let $interpolate = this.$injector.get('$interpolate');
let $sanitize = this.$injector.get('$sanitize');
let html = $sanitize(toReturnStyles.cellTemplate);
el = $interpolate(html)(params);
Then I checked adding , I am good, alert didn't work. But then I put following code in the inputbox and I saw alerts.
{{constructor.constructor('alert(1)')()}}
Please help me implement this usecase correctly.