honeymoose/angular-cn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: 翻译遗漏的部分。

Browse Source
This commit is contained in:
Zhicheng Wang 2018-09-24 08:26:10 +08:00
parent 5a3a30ccdb
commit d2554b40ea
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
aio/content/guide/security.md
View File

@ -189,6 +189,9 @@ contain unsafe methods. In the same way, if you interact with other libraries th
the DOM, you likely won't have the same automatic sanitization as with Angular interpolations. the DOM, you likely won't have the same automatic sanitization as with Angular interpolations.
Avoid directly interacting with the DOM and instead use Angular templates where possible. Avoid directly interacting with the DOM and instead use Angular templates where possible.
浏览器内置的 DOM API 不会自动保护你免受安全漏洞的侵害。比如 `document`、通过 `ElementRef` 拿到的节点和很多第三方 API都可能包含不安全的方法。如果你使用能操纵 DOM 的其它库,也同样无法借助像 Angular 插值那样的自动清理功能。
所以,要避免直接和 DOM 打交道,而是尽可能使用 Angular 模板。
For cases where this is unavoidable, use the built-in Angular sanitization functions. For cases where this is unavoidable, use the built-in Angular sanitization functions.
Sanitize untrusted values with the [DomSanitizer.sanitize](api/platform-browser/DomSanitizer#sanitize) Sanitize untrusted values with the [DomSanitizer.sanitize](api/platform-browser/DomSanitizer#sanitize)
method and the appropriate `SecurityContext`. That function also accepts values that were method and the appropriate `SecurityContext`. That function also accepts values that were