Evaluates the expression and inserts the resulting HTML into the element in a secure way. By default,
the resulting HTML content will be sanitized using the $sanitize service.
To utilize this functionality, ensure that $sanitize
is available, for example, by including ngSanitize
in your module's dependencies (not in core Angular). In order to use ngSanitize
in your module's dependencies, you need to include "angular-sanitize.js" in your application.
You may also bypass sanitization for values you know are safe. To do so, bind to an explicitly trusted value via $sce.trustAsHtml. See the example under Strict Contextual Escaping (SCE).
Note: If a $sanitize
service is unavailable and the bound value isn't explicitly trusted, you
will have an exception (instead of an exploit.)
<ANY
ng-bind-html="expression">
...
</ANY>
Param | Type | Details |
---|---|---|
ngBindHtml | expression |
Expression to evaluate. |
<div ng-controller="ExampleController">
<p ng-bind-html="myHTML"></p>
</div>