ngx-md icon indicating copy to clipboard operation
ngx-md copied to clipboard

Published 20 hours ago verified publisher icon dimpu

Bug with sanitizeHtml ([sanitizeHtml]="false")

Open PhilFlash opened this issue 5 years ago • 0 comments

Hi, When you use [sanitizeHtml]="false", the javascript is declared unsafe. See https://stackblitz.com/edit/ngx-md-exmaple-cgwjwk

Reason: In ngx-md.component.ts, 'set data' call onDataChange which use this.sanitizeHtml. But, sanitizeHtml is not initialized (when you use false).

IMHO, there are two corrections for this problem:

  • declare sanitizeHtml in first (just after the constructor and before 'set path' and 'set data'). This is the first '@Input()' and all is ok.
  • add a timeout in 'set data' (to wait the initialization of sanitizeHtml ) like this:
  @Input()
    set data(value: string) {
      if (value) {
        this._data = value;
        setTimeout(() => {
          this.onDataChange(value);
        });
      }
}

Philippe

PhilFlash avatar Dec 05 '18 10:12 PhilFlash