Search code examples
angularhtml-sanitizing

sanitizing unsafe URL value javascript

Angular 2 final release.

I have my link as following with refers to the href="javascript:;" my link

and i am getting following warning

WARNING: sanitizing unsafe URL value javascript:; (see http://g.co/ng/security#xss)

I need my link to be javascript:; because if i make it '#' or '' it refreshes the page.

I have read couple of posts where people report this issue to angular folks and they will fix it.. any help is appreciated.

Solution

  • done with the help of pkozlowski-opensource

    I don't think you want to trick sanitization here. If you are using a link that has a click event and it shouldn't trigger navigation just prevent default action on the event, ex.:

    <a (click)="$event.preventDefault(); doSth()"> or even shorter
<a (click)="!!doSth()">

    reference post https://github.com/angular/angular/issues/11805#issuecomment-248840338

    i simply removed href and added a click event like as following

    <a (click)="!!navigateToUrl(urlVar)">..</a>

    Note: '!!' prevent triggering 'href' action and prevent page refresh. navigateToUrl is my js method simply i am doing as

    if(urlVar){
window.location.href=urlVar
}

    works like charm no warnings etc..