It’s not necessarily specific to DOMSanitizer, although that’s where most people seem to bang into it in real life.
If bar
is a string, the following two expressions are functionally identical:
foo="{{bar}}"
[foo]="bar"
If it’s not a string, you must use the second syntax. Rather than remembering this all the time, that’s why I recommend just never using the first syntax. When working with DOMSanitizer, you are creating a magical SafeUrl
object. The {{}}
syntax causes it to lose its magic and become an ordinary string again.