I want to discuss here what we should do about trusting HTML.
I saw various ways, and I am not sure of any of them:
As of today, you can add HTML to it; $sce will trust your HTML, but I am unsure how it works vs. XSS. Using ngSanitize is also an option, but it doesn't allow using form items on the toast.
The problem with $sce is that you can't put directives into the trusted HTML (that is intended). That doesn't mean I can create a directive where you can put any kind of HTML on your toast (even forms that will work with your scope), but that is highly insecure.
I want to discuss what your thoughts are about this.