AngularJS ng-csp directive
Definition and usage
ng-csp Directive is used to change AngularJS's security policy.
is set ng-csp After the
is set to ng-csp The value of the no-unsafe-eval, which will prevent AngularJS from running any eval functions, but allow the injection of inline styles.
is set to ng-csp The value of the no-inline-style, which will prevent AngularJS from injecting any inline styles, but allow eval functions.
When developing applications for Google Chrome extensions or Windows applications, you need to use ng-csp Directive.
Note:ng-csp Instructions do not affect JavaScript, but they change the way AngularJS works, which means: you can still write eval functions, and they will execute as you expect, but AngularJS will not run its own eval function. It uses a compatibility mode, which may slow down evaluation time by up to 30%.
Eksempel
Ændr AngularJS adfærd i forhold til "eval" og inline styles:
<body ng-app="" ng-csp> ...
Syntax
<element ng-csp="no-unsafe-eval | no-inline-style"></element>
Parameter
| Parameter | Beskrivelse |
|---|---|
|
Værdien kan være tom, hvilket betyder, at både eval og inline styles ikke er tilladt. Værdien kan være én af de to beskrevne værdier. Værdien kan være to værdier adskilt af semikolon, men har samme betydning som en tom værdi. |
