'Unsafe value used in a resource URL context (iframe)
Trying to pass value as iframe url from local db and and im getting error message: Unsafe value used in a resource URL context. i'm trying to display an array of printers ip so i will be able to check their status via the website there is anyway to do this without iframe ? i will be more then glad to hear some advises.
I'm new to angular and every help is more then welcome thanks in advance.
import { Component, OnInit } from '@angular/core';
import { HttpClient } from '@angular/common/http';
import { DomSanitizer } from '@angular/platform-browser';
@Component({
selector: 'app-value',
templateUrl: './value.component.html',
styleUrls: ['./value.component.css']
})
export class ValueComponent implements OnInit {
values: any;
constructor(private http: HttpClient, private sanitizer: DomSanitizer) { }
ngOnInit() {
this.getValues();
}
getValues() {
this.http.get('http://localhost:5000/api/values/').subscribe(response => {
this.values = response;
}, error => {
console.log(error);
})
}
}<H2>Print Manager</H2>
<div id="outerdiv">
<iframe src="http://192.168.1.6/general/status.html" id="inneriframe" scrolling="no" ></iframe>
</div>
<div *ngFor="let value of values">
<p>{{value.id}},{{value.hostName}},{{value.location}},{{value.manufacturer}},{{value.ip}}</p>
<span>Hostname: {{value.hostName}}</span>
<br>
<span>Location: {{value.location}}</span>
<br>
<span>Manufacturer: {{value.manufacturer}}</span>
<br>
<span>IP: {{value.ip}}</span>
</div>Solution 1:[1]
You may use Angular DomSanitizer from @angular/platform-browser
Refer Angular Guide for more info
import {DomSanitizationService} from '@angular/platform-browser';
@Component({
templateUrl: 'temp.html'
})
export class AppComponent {
yourUrl : '';
constructor(private sanitizer : DomSanitizationService) {
}
getSanitizedURL() {
return this.sanitizer.bypassSecurityTrustUrl(yourUrl);
}
}
HTML :
<div id="outerdiv">
<iframe src="getSanitizedURL()" id="inneriframe" scrolling="no"></iframe>
</div>
Solution 2:[2]
Using a Pipe is better.
Create a Pipe: In the app.component.ts (The main component that loads first)*
import { Pipe, PipeTransform} from "@angular/core";
import { DomSanitizer } from "@angular/platform-browser";
@Pipe({ name: 'safe' })
export class SafePipe implements PipeTransform {
constructor(private sanitizer: DomSanitizer) { }
transform(url) {
return this.sanitizer.bypassSecurityTrustResourceUrl(url);
}
}
Declare the Pipe: After creating the pipe
@NgModule({
imports: [ ... ],
declarations: [ ..., SafePipe ],
bootstrap: [ App ]
})
Usage: You can use this with the pipe operator and the pipe name. Example:
<iframe [src]="your_url_here | safe" id="inneriframe" scrolling="no" ></iframe>
Using this method, you will get a sanitized URL without rewriting the code every time you need it in some other components..
Solution 3:[3]
[src]="sanitizer.bypassSecurityTrustResourceUrl('http://'+value.ip+'/general/status.html')" solved it for me
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | |
| Solution 3 | Chen Tmv |