You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've seen some confusion in threads such as ionic-team/ionic-framework#28365 as to when to use IonicSafeString, so I wanted to clarify this on the docs.
Copy file name to clipboardExpand all lines: docs/techniques/security.md
+5-1Lines changed: 5 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -83,7 +83,11 @@ Ionic Framework provides an application config option called `sanitizerEnabled`
83
83
Developers can also choose to eject from the sanitizer in certain scenarios. Ionic Framework provides the `IonicSafeString` class that allows developers to do just that.
84
84
85
85
:::note
86
-
In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config. See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information.
86
+
In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config.
87
+
88
+
`IonicSafeString` should not be used if `innerHTMLTemplatesEnabled` is set to `false`.
89
+
90
+
See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information.
0 commit comments