<!DOCTYPE html>
<html ng-app="myApp">
<head>
<meta charset="UTF-8" />
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.8/angular.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.8/angular-sanitize.min.js"></script>
<title>AngularJS TIPS</title>
</head>
<body>
<form ng-controller="myController">
<div ng-bind-html="msg"></div>
</form>
<script>
var app = angular.module('myApp', [ 'ngSanitize' ]);
app.controller('myController', ['$scope', '$sce',
function($scope, $sce)
{ var msg = '<script>console.log("危険!");<'
+ '/script><p>こんにちは、世界</p>'
+ '<a href="#" onclick="alert(\'こんにちは!\')">危険なリンク</a>'
+ '<button>おっす</button>'
+ '<font color="Red">こんにちは、世界</font>';
$scope.msg = $sce.trustAsHtml(msg);
}]);
</script>
</body>
</html>
|