AngularJS ng-csp directive
Definition and Usage
ng-csp directive is used to change AngularJS's security policy.
setting ng-csp After the
will ng-csp The value of the no-unsafe-eval, which will prevent AngularJS from running any eval functions, but allow inline styles to be injected.
will ng-csp The value of the no-inline-style, which will prevent AngularJS from injecting any inline styles, but allow eval functions.
When developing applications for Google Chrome extensions or Windows applications, you need to use ng-csp directive.
Note:ng-csp The instruction does not affect JavaScript, but it changes the way AngularJS works, which means: you can still write eval functions, and they will execute as you expect, but AngularJS will not run its own eval function. It uses a compatibility mode, which may slow down the evaluation time by up to 30%.
Esempio
Modifica il comportamento di AngularJS riguardo a "eval" e stili inline:
<body ng-app="" ng-csp> ...
Sintassi
<elemento ng-csp="no-unsafe-eval | no-inline-style"></elemento>
Parametro
| Parametro | Descrizione |
|---|---|
|
Il valore può essere vuoto, il che significa che non è permesso eval né stili inline. Il valore può essere uno dei due valori descritti. Il valore può essere due valori, separati da punto e virgola, ma ha lo stesso significato dell'oggetto vuoto. |
