@it-era/ngx-safe-pipes
Advanced tools
[](https://badge.fury.io/gh/it-era%2Fngx-safe-pipes) [](https://badge.fury.io/js/%40it-era%2Fngx-safe-pipes)
This library provide convenient pipes to bypass Angular built-in sanitization and get rid off the unsafe value used in a ... context.
This package is a part of the IT-era/ngx packages suite.
Get it on npm :
npm i @it-era/ngx-safe-pipes
And add the NgxSafePipesModule into the imports array of your module (containing the template to fix) :
import { NgxSafePipesModule } from '@it-era/ngx-safe-pipes';
// ...
@NgModule({
imports: [
NgxSafePipesModule,
// ...
]
})
export class YourModule { }
CAUTION: Calling thoses methods with untrusted user data exposes your application to XSS security risks!
Usage :
<div [innerHTML]="trustedHtml | safeHtml"></div>
Usage :
<img [attr.src]="trustedUrl | safeUrl">
NB: Usefull also for base64 images.
Usage :
<iframe [attr.src]="trustedResourceUrl | safeResourceUrl"></iframe>
Usage :
<script [attr.src]="trustedScript | safeScript"></script>
Usage :
<style [attr.src]="trustedStyle | safeStyle"></style>
Alternatively, you could use the generic SafePipe with the following syntax:
<div [innerHTML]="trustedHtml | safe: 'html'"></div>
<style [attr.src]="trustedStyle | safe: 'style'"></style>
<script [attr.src]="trustedScript | safe: 'script'"></script>
<img [attr.src]="trustedUrl | safe: 'url'">
<iframe [attr.src]="trustedResourceUrl | safe: 'resourceUrl'"></iframe>
You can find it here.
FAQs
This library provide convenient pipes to bypass Angular built-in sanitization and get rid off the `unsafe value used in a ... context`.
The npm package @it-era/ngx-safe-pipes receives a total of 16 weekly downloads. As such, @it-era/ngx-safe-pipes popularity was classified as not popular.
We found that @it-era/ngx-safe-pipes demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
Security News
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
Product
Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.