Skip to content
This repository has been archived by the owner on May 29, 2019. It is now read-only.

Switch from bind-html-unsafe to ng-bind-html in typeahead #4073

Closed
wesleycho opened this issue Aug 2, 2015 · 3 comments
Closed

Switch from bind-html-unsafe to ng-bind-html in typeahead #4073

wesleycho opened this issue Aug 2, 2015 · 3 comments
Labels
component: typeahead needs: breaking change type: enhancement
Milestone
0.13.4 (Maintenance)

Comments

@wesleycho
Copy link
Contributor

For security reasons, we should only be adding whitelisted HTML - we should not be using an unsafe binding mechanism.
@wesleycho wesleycho added this to the 0.13.3 (Performance) milestone Aug 2, 2015
@wesleycho
Copy link
Contributor Author

This requires a change in the typeahead-match.html template, as well as likely some work fixing the tests to whitelist the templates. This also requires some change in typeahead itself, including the typeaheadHighlight filter.

@wesleycho wesleycho mentioned this issue Aug 2, 2015
Closed
@wesleycho
Copy link
Contributor Author

This should be addressed by the changes in #3463.

@wesleycho
Copy link
Contributor Author

This is also a duplicate of #2884

@wesleycho wesleycho modified the milestones: 0.13.3 (Fixes), 0.13.4 (Performance) Aug 9, 2015
@wesleycho wesleycho mentioned this issue Aug 10, 2015
Closed
@Parth59 Parth59 mentioned this issue Jul 9, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
component: typeahead needs: breaking change type: enhancement
Projects
None yet
Milestone
0.13.4 (Maintenance)
Development

No branches or pull requests
1 participant
@wesleycho