AngularJS ng-csp instruction
Definition and usage
ng-csp Instruction is used to change AngularJS's security policy.
is set ng-csp After the
is set to ng-csp The value of the no-unsafe-eval, which will prevent AngularJS from running any eval functions, but allow inline styles to be injected.
is set to ng-csp The value of the no-inline-style, which will prevent AngularJS from injecting any inline styles, but allow eval functions.
When developing applications for Google Chrome extensions or Windows applications, you need to use ng-csp Instruction.
Note:ng-csp The instruction does not affect JavaScript, but it changes the way AngularJS works, which means: you can still write eval functions, and they will execute as you expect, but AngularJS will not run its own eval function. It uses a compatibility mode that may slow down evaluation time by up to 30%.
Exemplo
Mudar o comportamento do AngularJS em relação ao 'eval' e estilos inline:
<body ng-app="" ng-csp> ...
Sintaxe
<elemento ng-csp="no-unsafe-eval | no-inline-style"></elemento>
Parâmetro
| Parâmetro | Descrição |
|---|---|
|
O valor pode estar vazio, o que significa que não é permitido eval nem estilos inline. Este valor pode ser um dos dois valores descritos. Este valor pode ser dois valores, separados por ponto e vírgula, mas isso tem o mesmo significado que o valor vazio. |
