Angular 2 Pipe inside Primeng Datatable gives security error

3.4k Views Asked by Korki Korkig At 06 April 2025 at 23:29

I have a Pipe which decodes the html codes. For example <p>test</p> becomes test

When I use it inside a column, it doesn't show the data but 'SafeValue must use [property]=binding: XXXX (see http://g.co/ng/security#xss)'

Datatable

<p-dataTable [value]="toShowSubVragen">

   <!-- WITH Pipe, DOESN'T WORK
   SHOWS: SafeValue must use [property]=binding: XXXX (see http://g.co/ng/security#xss)-->
    <p-column field="tekst" header="With Pipe">
        <template let-col let-vraag="rowData" pTemplate="body">
            <span>{{vraag[col.field] | safeHtml}}</span>
        </template>
    </p-column>

    <!-- WITHOUT Pipe, WORKS
   SHOWS: the tekst data..  -->
    <p-column field="tekst" header="Without Pipe">
        <template let-col let-car="rowData" pTemplate="body">
            <span>{{car[col.field]}}</span>
        </template>
    </p-column>

</p-dataTable>

Pipe

@Pipe({ name: 'safeHtml'})
export class SafeHtmlPipe implements PipeTransform  {
  constructor(private sanitized: DomSanitizer) {}
  transform(value) {
    return this.sanitized.bypassSecurityTrustHtml(value);
  }
}

How can I solve this?

Original Q&A

There are 1 best solutions below

Günter Zöchbauer On 27 December 2016 at 08:52 BEST ANSWER

Using the safeHtml or the sanitizer directly with {{}} is pointless because the result is stringified which undoes the application of | safeHtml.

<span>{{vraag[col.field] | safeHtml}}</span>

Perhaps you meant

<span [innerHTML]="vraag[col.field] | safeHtml"></span>

Angular 2 Pipe inside Primeng Datatable gives security error

There are 1 best solutions below

Related Questions in ANGULAR

Related Questions in PRIMENG

Trending Questions

Popular # Hahtags

Popular Questions