In my application i'm loading a youtube vedio into a iframe. I have sanitized the url. But the src attribute doesnt load when i run the application.
below is the html:
<a [href]="data.url" target="_blank" *ngIf="data.contentTypeString=='YOUTUBE_VIDEO' && data.url != null">
<div class="embed-responsive embed-responsive-16by9">
<iframe *ngIf="data.contentTypeString=='YOUTUBE_VIDEO'"
class="embed-responsive-item"
src="{{data.url}}"></iframe>
</div>
</a>
below is the screenshot when i run the same:
The src just wont load i have tried with [src]=data.url.
Below is the method i'm using to sanitize the url:
public manageYoutubeUrl(url: any) {
console.log("url====" + url);
var youtubeUrl = this.sanitize.bypassSecurityTrustUrl(url.replace('watch?v=', 'embed/').replace('http://', 'https://')+"?wmode=opaque&rel=0&autohide=1&showinfo=0&wmode=transparent");
console.log("youtubeUrl=====" + youtubeUrl);
return youtubeUrl;
}
When i check the log for youtubeURL it's comming like this:
youtubeUrl=====SafeValue must use [property]=binding: https://www.youtube.com/embed/l-103taCWOQ?wmode=opaque&rel=0&autohide=1&showinfo=0&wmode=transparent (see http://g.co/ng/security#xss)
ERROR Error: Required a safe ResourceURL, got a URL (see http://g.co/ng/security#xss) at DomSanitizerImpl.checkNotSafeValue (
Please guide. Thanks.
DomSanitizationissue @Shruti - Rahul Singh[src]="data.url"- Ploppy