Safe value must use [property]=binding after bypass security with DomSanitizer

    <!-- HTML code -->
    <p #mass_timings></p>

    // controller code
    @ViewChild('mass_timings') mass_timings: ElementRef;

    constructor(private domSanitizer: DomSanitizer) {}

    getInnerHTMLValue() {
      this.mass_timings.nativeElement.innerHTML =
        this.domSanitizer.bypassSecurityTrustHtml(this.parishDetail.mass_timings);
    }

But the output which mass_timings is displaying includes the text:

    Safe value must use [property]=binding

at the beginning.

How to remove this string?

asked Jul 27 '17 at 12:54 by manish kumar; edited May 17 '18 at 17:06 by Günter Zöchbauer

3 Answers

As the error message says, the sanitized HTML needs to be added using property binding:

    <p [innerHTML]="massTimingsHtml"></p>

    constructor(private domSanitizer: DomSanitizer) {
      this.massTimingsHtml = this.getInnerHTMLValue();
    }

    getInnerHTMLValue() {
      return this.domSanitizer.bypassSecurityTrustHtml(this.parishDetail.mass_timings);
    }

StackBlitz example (based on Swapnil Patwa's Plunker - see comments below)

answered Jul 27 '17 at 13:22 by Günter Zöchbauer; edited May 17 '18 at 17:04

Comments:

@manish kumar, Demo plunker - plnkr.co/edit/oCZ9yKTl68kuTPx6s7fH?p=preview
– Swapnil Patwa, Jul 27 '17 at 13:27

Did this only. But can you relate to this and explain?
– manish kumar, Jul 27 '17 at 14:14

You can do that, but not with sanitized HTML, only with a plain HTML string.
– Günter Zöchbauer, Jul 27 '17 at 14:18

But the HTML needs to be sanitized, right?
– manish kumar, Jul 27 '17 at 14:42

Not if you use this.mass_timings.nativeElement.innerHTML = .... But sanitizing is recommended for security reasons.
– Günter Zöchbauer, Jul 27 '17 at 14:46

I was getting this error when using an iframe, so there I fixed it using [src] as below:

    // In ts file
    getSafeUrl() {
      return this.sanitizer.bypassSecurityTrustResourceUrl(this.url);
    }

    <!-- In html -->
    <iframe [src]="getSafeUrl()" frameborder="0" *ngIf="url"></iframe>

This method is quite cycle consuming, as it'll call the function multiple times, so it's better to sanitize the URL inside lifecycle hooks like ngOnInit().

answered Apr 12 '18 at 7:55 by Black Mamba; edited Mar 23 at 4:31

Comments:

You just saved my time, thanks! src="code" doesn't work, but [src]="code" works like a charm!
– Frank, Jun 13 '18 at 15:25

After hours of trying, this was finally the solution which worked out for me. Anyone an idea why src="code" doesn't work but [src]="code" does?
– jammartin, Jan 14 at 9:41

This doesn't work in IE 11: caniuse.com/#feat=datauri
– karoluS, Feb 13 at 8:45

You need to sanitize() the safe value like this:

    this.domSanitizer.sanitize(
      SecurityContext.HTML,
      this.domSanitizer.bypassSecurityTrustHtml(this.parishDetail.mass_timings)
    );

answered Dec 24 '18 at 10:43 by Sunil Kumar

Comments:

Aren't you just resanitizing?
– Jake Sylvestre, Mar 22 at 16:33

I guess sanitize() is happening only once. And it works, that's why I posted.
– Sunil Kumar, Mar 23 at 6:06
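
The difference between direct `innerHTML` assignment and property binding from the first answer, and what `sanitize()` returns for an already-bypassed value as in the third answer, shown as an added example (not code from the question, the answers or Angular itself). `SafeHtmlModel`, `bypassTrustHtml`, `sanitizeHtml` and `toySanitize` are hypothetical stand-ins that model `DomSanitizer` behaviour in plain TypeScript, and the sample markup is constructed.

```typescript
// Added example: a simplified model of the DomSanitizer behaviour discussed above.
// All names below are hypothetical stand-ins, not Angular's implementation.

// Models the wrapper returned by bypassSecurityTrustHtml(): it marks markup as
// trusted but does not clean it.
class SafeHtmlModel {
  constructor(readonly trustedHtml: string) {}

  // String coercion yields the marker text followed by the markup.
  toString(): string {
    return "SafeValue must use [property]=binding: " + this.trustedHtml;
  }
}

function bypassTrustHtml(html: string): SafeHtmlModel {
  return new SafeHtmlModel(html);
}

// Toy replacement for Angular's HTML sanitizer, only so the two paths visibly
// differ: drops <script> elements and inline on* handlers.
function toySanitize(html: string): string {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "")
    .replace(/\son\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, "");
}

// Models sanitize(SecurityContext.HTML, value): a wrapped value is unwrapped and
// returned as is; only a plain string goes through the sanitizer.
function sanitizeHtml(value: string | SafeHtmlModel): string {
  return value instanceof SafeHtmlModel ? value.trustedHtml : toySanitize(value);
}

// Models `nativeElement.innerHTML = value`: the DOM setter coerces to a string.
function assignInnerHtmlDirectly(value: string | SafeHtmlModel): string {
  return String(value);
}

// Models `<p [innerHTML]="value">`: the binding hands the value to the sanitizer.
function bindInnerHtml(value: string | SafeHtmlModel): string {
  return sanitizeHtml(value);
}

// Constructed sample standing in for parishDetail.mass_timings.
const rawTimings = '<b>Sunday 9:00</b> <a href="#" onclick="run()">details</a>';

function demo() {
  const trusted = bypassTrustHtml(rawTimings);
  return {
    direct: assignInnerHtmlDirectly(trusted), // marker text leaks into the page
    boundTrusted: bindInnerHtml(trusted),     // raw markup, handler still present
    sanitizeOfBypass: sanitizeHtml(trusted),  // identical to raw: nothing removed
    boundPlain: bindInnerHtml(rawTimings),    // handler stripped by the sanitizer
  };
}
```
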