Issue with ng-bind-html (sanitizing content)


#1

I’m unable to bind a simple result:

\u00a0Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean ut enim eu felis vehicula mattis ut interdum mi. Nulla in euismod nunc.

using:

<p data-ng-bind-html="{{ thing.content }}"></p>

The error returned:

Error: [$parse:syntax] Syntax Error: Token 'ipsum' is an unexpected token at column 6 of the expression [Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean ut enim eu felis vehicula mattis ut interdum mi. Nulla in euismod nunc.].

My content will be mixed with various tags and other data that’s useless for display (such as hidden microsoft word tags).

Am I completely misunderstanding what data sanitization is in the use of angular-sanitize? Is it in it’s infancy?

Maybe someone could help point me in the right direction for sanitizing content such as above (and which would also work for not displaying the hidden microsoft tags either)


#2

I am pretty sure that should look like this:

<p data-ng-bind-html="thing.content"></p>

When referring to scope variables from angular-attributes (attributes with “ng-” in them) you should pretty much always omit the curly braces.


#3

I think this post has the relevant links to the Angular docs on sanitize. I’m not so sure it’s Angular’s job to deal with hidden Microsoft Word tags.