Angular $sce.trustAsHtml and Sanitize ignores certain chars

Question

Certain chars and text after that gets rejected when using ng-bind-html along with $sce.trustAsHtml. Any Ideas on taclking this issue?

Controller

angular.module('myApp', []).controller('IndexController', ['$scope', '$sce', function($scope, $sce){
  $scope.text= $sce.trustAsHtml('TEST>19 XYZ </= This is not showing up in ng-bind-html />');
}]);

HTML
<!DOCTYPE html>
<html ng-app="myApp">

<head>
  <script data-require="angular.js@*" data-semver="1.3.8" src="http://code.angularjs.org/1.3.8/angular.js"></script>
  <script src="script.js"></script>
  <link rel="stylesheet" type="text/css" href="style.css">  
</head>

<body ng-controller="IndexController">
  <input style="width:100%" type="text" ng-model="text">
  <div ng-bind-html="text"></div>
</body>
</html>

plunker http://plnkr.co/edit/kjtNXYzPCMS3Q3OirwYZ?p=preview

This is invalid html, the < and > should be encoded as html entities : > < — Renan Le Caro
I understand that is an invalid html, however I am trying to figureout a way to display that as it is in the page using ng-bind-html thought. — user1288411

Renan Le Caro Renan Le Caro · Accepted Answer · 2015-02-16T18:58:56

This is invalid html, the < and > should be encoded as html entities : > <

If you just put this html in a page, the display is the same (please run the very simple snippet below). The browser just doesn't know what to do with this tag.

TEST>19 XYZ </= This is not showing up in ng-bind-html />

Angular $sce.trustAsHtml and Sanitize ignores certain chars

1 Answers