Skip to content

Commit 0d281f6

Browse files
authored
docs: clarify IonicSafeString usage (#3198)
I've seen some confusion in threads such as ionic-team/ionic-framework#28365 as to when to use IonicSafeString, so I wanted to clarify this on the docs.
1 parent 8687974 commit 0d281f6

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

docs/techniques/security.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,11 @@ Ionic Framework provides an application config option called `sanitizerEnabled`
8383
Developers can also choose to eject from the sanitizer in certain scenarios. Ionic Framework provides the `IonicSafeString` class that allows developers to do just that.
8484

8585
:::note
86-
In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config. See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information.
86+
In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config.
87+
88+
`IonicSafeString` should not be used if `innerHTMLTemplatesEnabled` is set to `false`.
89+
90+
See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information.
8791
:::
8892

8993
#### Usage

0 commit comments

Comments
 (0)