$sceDelegate
is a service that is used by the $sce
service to provide Strict
Contextual Escaping (SCE) services to AngularJS.
Typically, you would configure or override the $sceDelegate instead of
the $sce
service to customize the way Strict Contextual Escaping works in AngularJS. This is
because, while the $sce
provides numerous shorthand methods, etc., you really only need to
override 3 core functions (trustAs
, getTrusted
and valueOf
) to replace the way things
work because $sce
delegates to $sceDelegate
for these operations.
Refer $sceDelegateProvider to configure this service.
The default instance of $sceDelegate
should work out of the box with little pain. While you
can override it completely to change the behavior of $sce
, the common case would
involve configuring the $sceDelegateProvider instead by setting
your own whitelists and blacklists for trusting URLs used for loading AngularJS resources such as
templates. Refer $sceDelegateProvider.resourceUrlWhitelist and $sceDelegateProvider.resourceUrlBlacklist
$sceDelegate();
Returns an object that is trusted by angular for use in specified strict contextual escaping contexts (such as ng-bind-html, ng-include, any src attribute interpolation, any dom event binding attribute interpolation such as for onclick, etc.) that uses the provided value. See $sce for enabling strict contextual escaping.
Param | Type | Details |
---|---|---|
type | string |
The kind of context in which this value is safe for use. e.g. url, resourceUrl, html, js and css. |
value | * |
The value that that should be considered trusted/safe. |
* | A value that can be used to stand in for the provided |
If the passed parameter had been returned by a prior call to $sceDelegate.trustAs
, returns the value that had been passed to $sceDelegate.trustAs
.
If the passed parameter is not a value that had been returned by $sceDelegate.trustAs
, returns it as-is.
Param | Type | Details |
---|---|---|
value | * |
The result of a prior |
* | The |
getTrusted(type, maybeTrusted);
Takes the result of a $sceDelegate.trustAs
call and
returns the originally supplied value if the queried context type is a supertype of the
created type. If this condition isn't satisfied, throws an exception.
Param | Type | Details |
---|---|---|
type | string |
The kind of context in which this value is to be used. |
maybeTrusted | * |
The result of a prior |
* | The value the was originally provided to |