javascript - Injecting a script tag with ngBindHtml - Stack Overflow

I have external API data which is a user generated content. The client wants to dynamically update his own site with this feed, including the ability to use JavaScript.

<div ng-bind-html="post.content"></div>

Will display anything that is HTML or CSS but does not work with JavaScript:

"content":"<div>Hello Stack</div><script>alert('whats up?');</script>"

I have tried including ngSanitize as well as using ng-bind-html-unsafe.

No dice.

I have external API data which is a user generated content. The client wants to dynamically update his own site with this feed, including the ability to use JavaScript.

<div ng-bind-html="post.content"></div>

Will display anything that is HTML or CSS but does not work with JavaScript:

"content":"<div>Hello Stack</div><script>alert('whats up?');</script>"

I have tried including ngSanitize as well as using ng-bind-html-unsafe.

No dice.

• javascript
• angularjs

Share Improve this question Follow edited Mar 4, 2016 at 15:00 isherwood 61.2k1616 gold badges121121 silver badges169169 bronze badges asked Jul 4, 2013 at 2:27 Dan KanzeDan Kanze 18.6k2828 gold badges8484 silver badges135135 bronze badges

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 6

You have to include jQuery for this to work.

After some searching I came across https://stackoverflow./a/14088380/1264846.

Example plunkr: http://plnkr.co/edit/zEXXCB459Tp25VJiyyZb?p=preview