AngularJS ng-csp directive
Definition and usage
ng-csp Directive is used to change AngularJS's security policy.
setting ng-csp After the
command ng-csp The value of the no-unsafe-evalto prevent AngularJS from running any eval functions, but allow inline style injection.
command ng-csp The value of the no-inline-styleto prevent AngularJS from injecting any inline styles, but allow eval functions.
When developing applications for Google Chrome extensions or Windows applications, you need to use ng-csp Directives.
Note:ng-csp Instructions do not affect JavaScript, but they change the way AngularJS works, which means: you can still write eval functions, and they will execute as you expect, but AngularJS will not run its own eval function. It uses a compatibility mode, which may slow down evaluation time by up to 30%.
Exempel
Ändra AngularJS beteende för "eval" och inline styles:
<body ng-app="" ng-csp> ...
Syntax
<element ng-csp="no-unsafe-eval | no-inline-style"></element>
Parameter
| Parameter | Beskrivning |
|---|---|
|
Värdet kan vara tomt, vilket innebär att både eval och inline styles inte är tillåtna. Värdet kan vara en av de två värden som beskrivs. Värdet kan vara två värden, separerade med semikolon, men detta har samma innebörd som ett tomt värde. |
