AngularJS ng-csp directive
Definition and Usage
ng-csp directive is used to change AngularJS's security policy.
directive is set, AngularJS will not run any eval functions and will not inject any inline styles. ng-csp After the
directive is set to ng-csp The value of the no-unsafe-eval, which will prevent AngularJS from running any eval functions, but allow inline styles to be injected.
directive is set to ng-csp The value of the no-inline-style, which will prevent AngularJS from injecting any inline styles, but allow eval functions.
When developing applications for Google Chrome extensions or Windows applications, you need to use ng-csp Directive.
Note:ng-csp Instructions do not affect JavaScript, but they change the way AngularJS works, which means: you can still write eval functions, and they will execute as you expect, but AngularJS will not run its own eval function. It uses a compatibility mode, which may slow down the evaluation time by up to 30%.
Example
Change the behavior of AngularJS in terms of "eval" and inline styles:
<body ng-app="" ng-csp> ...
Syntax
<element ng-csp="no-unsafe-eval | no-inline-style"></element>
Parameter
| Parameter | Description |
|---|---|
|
The value can be empty, meaning that neither eval nor inline styles are allowed. This value can be one of the two values described. This value can be two values, separated by a semicolon, but it has the same meaning as a null value. |
