Angular translate sanitation / escape

I am getting weird, or possibly intended, behavior using angular-translate.
Our strategy value is:

$translateProvider.useSanitizeValueStrategy('sanitize');

We mainly use the translation filter in our application, but when it comes to special characters, instead of Überschrift we get something like &#220;berschrift.
If I use the directive, it works.
If I use a filter, this only works when the sanitize strategy is set to "escaped".

Is there any other solution than rewriting ALL translation filters to directives?

Here is my plnkr http://plnkr.co/edit/QIMVQcyH5APeYxNnS82v

For information, I can’t just use a “shielded” strategy, because we use angular to translate variables, and these variables sometimes even contain html tags.

Thanks!

+6
1 answer

Use sanitizeParameters instead of sanitize. Here is a fixed plnkr: http://plnkr.co/edit/qicVqPXn3qo6hMNa1fY2?p=preview

(EDIT: 07/10/2016): There is a significant difference between the two sanitation strategies. sanitizeParameters sanitizes the interpolation parameters, not the translated output. This means that it does not allow changing these parameters, but the translated content is still vulnerable because it is not subject to sanitization.

The issue with sanitize and UTF-8 characters is a known issue and I believe that it works.

+10
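
Added example (not part of the original answer and not angular-translate's own code): a small Node.js model of the two strategies, showing that 'sanitize' cleans the whole translated output but turns Ü into &#220;, while 'sanitizeParameters' cleans only the interpolated values and leaves the translation string itself untouched. modelSanitize is a simplified stand-in for Angular's $sanitize, and the translation strings and parameter values are constructed samples.

```javascript
// Simplified stand-in for Angular's $sanitize (assumption, not the real code):
// drops <script> elements and on* event attributes, then encodes
// non-ASCII characters as numeric entities, which is what produces &#220;.
function modelSanitize(html) {
  return String(html)
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '')
    .replace(/\son\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, '')
    .replace(/[^\x20-\x7E]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Minimal {{name}} interpolation; unknown placeholders are left as they are.
function interpolate(template, params) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g,
    (m, key) => (key in params ? String(params[key]) : m));
}

// Model of the two strategies discussed in the answer.
function translate(template, params, strategy) {
  if (strategy === 'sanitizeParameters') {
    // Only the interpolation parameters pass through the sanitizer.
    const clean = {};
    for (const key of Object.keys(params)) clean[key] = modelSanitize(params[key]);
    return interpolate(template, clean);
  }
  if (strategy === 'sanitize') {
    // The complete translated output passes through the sanitizer.
    return modelSanitize(interpolate(template, params));
  }
  throw new Error('strategy not covered by this model: ' + strategy);
}

// Constructed sample data.
const sampleParams = { name: '<i onclick="x()">Admin</i>' };      // user-controlled value
const heading = 'Überschrift: {{name}}';                          // trusted translation
const tampered = 'Hallo <b onmouseover="x()">{{name}}</b>';       // untrusted translation

function demo() {
  return {
    headingSanitize: translate(heading, sampleParams, 'sanitize'),
    headingParams: translate(heading, sampleParams, 'sanitizeParameters'),
    tamperedSanitize: translate(tampered, sampleParams, 'sanitize'),
    tamperedParams: translate(tampered, sampleParams, 'sanitizeParameters'),
  };
}

console.log(demo());
```

If translation files can come from an untrusted source, the tamperedParams result is the case to watch: the handler attribute in the translation string survives under 'sanitizeParameters'.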