问题描述
我新的Web开发。我使用AngularJS 1.3.0。当我尝试使用{{事情[0] .embed}}从我的数据库中插入嵌入源视频的链接,则不会有任何显示,但硬编码链接,例如//www.youtube.com/embed/wZZ7oFKsKzY作品。有没有办法,我失去了一些东西?我是否滥用范围不知何故?
下面是我想要做的另一个例子。如果更换{{事情[0] .embed}}使用YouTube链接,它的工作原理。为什么它不替换{{事情[0] .embed}}的链接?
您必须明确指导的角度来信任的内容,否则会为XSS攻击提供安全漏洞。那是什么
$ sce.trustResourceAsUrl()
函数调用的。
I'm new to web dev. I'm using AngularJS 1.3.0. When I try using {{ things[0].embed }} to insert the embedded source video link from my database, nothing is displayed, but hardcoding the link, for example "//www.youtube.com/embed/wZZ7oFKsKzY", works. Is there something that I'm missing? Am I misusing the scope somehow?Here's another example of what I'm trying to do. If you replace the {{thing[0].embed}} with the youtube link, it works. Why doesn't it replace the {{thing[0].embed}} with the link?http://plnkr.co/edit/Udml7NIyWcUuMtYGDXNc?p=preview
//myCore.js
var coreControl = angular.module('myCore', []);
function mainController($scope, $http) {
$scope.formData = {};
$http.get('*')
.success(function(data) {
$scope.things = data;
console.log(data);
})
.error(function(data) {
console.log('Error: ' + data);
});
$scope.doThings = function() {
$http.post('*', $scope.formData)
.success(function(data) {
$scope.formData = {};
$scope.things = data;
console.log(data);
})
.error(function(data) {
console.log('Error: ' + data);
});
};
}
//index.html
<div ng-if="moves.length==1" class="col-sm-4 col-sm-offset-4">
<h1> {{ things[0].name }} </h1>
<iframe width="560" height="315" ng-src="{{ things[0].embed }}" frameborder="0" allowfullscreen></iframe>
{{ things[0].embed }}
</div>
You must explicitly direct angular to trust content that could otherwise provide security holes for xss attacks. That is what the
$sce.trustResourceAsUrl()
function call is for.
这篇关于IFRAME在AngularJS 1.3.0不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!