Ionic includes basic sanitization methods for the components it provides, but for user-created components it is up to the developer to make sure all data is sanitized. Different frameworks offer different solutions for sanitizing user input, so developers should familiarize themselves with what their specific framework offers.

For developers who are not using a framework, or for developers whose framework does not provide the sanitization methods they need, we recommend using . This package provides a simple HTML sanitizer that allows the developer to specify the exact tags and attributes that they want to allow in their application.

To learn more about the built-in protections that Angular provides, see the Angular Security Guide.

React DOM escapes values embedded in JSX before rendering them by converting them to strings. For example, the following would be safe as name is converted to a string before being rendered:

If the developer needs to achieve more comprehensive sanitization, they can use the package.

To learn more about the built-in protections that React and JSX provide, see the React JSX Documentation.
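The escape-before-render behaviour described above for values embedded in JSX can be sketched in plain JavaScript. This is an added example, not code from the Ionic or React documentation and not React's implementation; `escapeHtml`, `html` and `renderGreeting` are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example: escape-on-embed with a tagged template (hypothetical helpers).
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Convert any value to a string, then escape the characters HTML treats
// as markup or attribute delimiters. A single pass avoids double-escaping "&".
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: literal parts written by the developer are emitted as-is;
// every interpolated value is stringified and escaped before it is embedded.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// The same untrusted value is embedded in element text and in a quoted attribute.
function renderGreeting(name) {
  return html`<h1 title="${name}">Hello, ${name}</h1>`;
}

// Constructed sample inputs standing in for a user-supplied display name.
const samples = ['Ada', '<script>alert(1)</script>', 'Tom & "Jerry"', 42];

for (const name of samples) {
  // Markup characters in the input arrive as inert text, not as elements.
  console.log(renderGreeting(name));
}
```

Escaping of this kind covers element text and quoted attribute values only; it does not validate URLs and does not make a value safe inside script or style blocks.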

To learn more about the security recommendations for binding to directives such as v-html, see the .