How to use DOMSANITIZER(bypassSecurityTrustUrl) while calling the API
Getting XSS vulnerabilities while calling the API for fetching the data. So trying to add DOMSANITIZER, but its failing. Tried below code, please suggest me the solution.
this.http.get(this.domSanitizer.bypassSecurityTrustUrl(dataUrl),{headers:headers}).subscribe(response => {
this.persons = response.data.map(x=>({...x,check:false,test:x.firstName}));
this.dtTrigger.next();
});
Solution
You can use DOMSANITIZER while using the API in following way.
- Import these:
import { Component, OnInit, ViewChild, SecurityContext, } from '@angular/core'; import {DomSanitizer} from '@angular/platform-browser';
- Use this below code in your project where you are using this:
const dataUrl = this.domSanitizer.sanitize( SecurityContext.RESOURCE_URL, this.domSanitizer.bypassSecurityTrustResourceUrl( 'https://raw.githubusercontent.com/l-lin/angular-datatables/master/demo/src/data/data.json' ) ); this.http.get(dataUrl).subscribe((response) => { this.persons = response.data.map((x) => ({ ...x, check: false, test: x.firstName, })); this.dtTrigger.next(); });
Important:
This code is working on your stackblitz url.
I have also save it and you can go there to check it. https://stackblitz.com/edit/column-names-as-tooltip-wcw1f7?file=app%2Fapp.component.ts
- Angular - Why isn't my dropdown list working
- Angular using DataTables error while importing DataTables.Settings
- file Input Event type in Angular
- Angular 16 RxJs Issue Updating Total on Header Component
- Angular V18 PM [vite] Internal server error: Page /home did not render in 30 seconds
- How to use angular flex-layout in angular 18
- PrimeNg p-inputnumber cannot be styled
- How to disable all the fields in a template driven form in angular
- Set select element width equal to it's option's content width dynamically
- How to show autocomplete options on focus
- Angular 7: Singleton service not working after routing
- Property 'columnApi' does not exist on type 'GridReadyEvent<any, any>' in Ag-Grid
- Angular 16 SSR throws TypeError: Right-hand side of 'instanceof' is not an object
- ng-select how to get any property of selected item/object into html template
- husky > pre-commit hook failed (add --no-verify to bypass)
- Using signals with dynamic angular forms?
- This version of CLI is only compatible with Angular version 5.0.0 or higher error
- Default and specific request timeout
- Angular: How to add global CSS, but only for one specific page?
- Angular tests with Jest: How to inject HttpClient: Can't resolve all parameters for xxxx
- Validation not working on fields name ending with dots in angular
- Trouble binding src attribute of embed tag in Angular
- Angular: ng-container not displayed
- How to insert a dynamic component inside a element in Angular
- Why ngModel doesn't works on the last version of Angular 17?
- Angular 18 SSR Standalone - Routes to be generated from data before Bootstrap
- How to do some restriction with signals in angular?
- Name Duplication Validation
- How to get Nested formgroup's controls in angular
- How to get rid of horizontal line in mat-tab-group