escaped expression values override during data binding


aappd...@gmail.com

May 15, 2014, 10:51:28 PM
to polym...@googlegroups.com
I saw this note under the binding expression documentation for Polymer.

You can’t insert HTML using expressions. To avoid XSS issues, the output of an expression is HTML escaped before being inserted as the value of the binding.

I need to display HTML formatted text from my database. My app contains rich text that is user authored content. The tags in the content are managed e.g. p, em, font size.

It's an important part of the use of Polymer data binding in my app. How can I override this documented behavior? I also store a lot of non-user authored content in my database for display purposes e.g. textual blocks providing user instructions on how to perform a task.

Eric Bidelman

May 15, 2014, 10:56:22 PM
to Devon Miller, polymer-dev



aappd...@gmail.com

May 16, 2014, 6:35:53 AM
to polym...@googlegroups.com
Thanks. I do my searching before asking but looks like I missed this one.
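An added example, not part of the original thread and not Polymer's own code: because binding expressions are HTML escaped, stored rich text has to be sanitized by the application before it is assigned to an element's innerHTML. The code below escapes the whole string and then restores only an allowlist of tags; the function names and the tag list (p, em, strong, br, font with size 1 to 7) are assumptions based on the tags named in the question.

```javascript
// Added example (not Polymer code): allowlist sanitizer for stored rich text.
// Strategy: escape everything, then restore only exact, known-safe tags.
// Assumes stored text holds literal characters, not pre-encoded entities.

const BARE_TAGS = ['p', 'em', 'strong', 'br']; // assumed allowlist

function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function sanitizeRichText(stored) {
  let out = escapeHtml(stored);
  // Restore attribute-less opening/closing tags that are on the allowlist.
  const bare = new RegExp('&lt;(/?)(' + BARE_TAGS.join('|') + ')&gt;', 'gi');
  out = out.replace(bare, (m, slash, tag) => '<' + slash + tag.toLowerCase() + '>');
  // Restore <font size="1..7"> only; a tag with any other attribute stays escaped.
  out = out.replace(/&lt;font size=&quot;([1-7])&quot;&gt;/gi, '<font size="$1">');
  out = out.replace(/&lt;\/font&gt;/gi, '</font>');
  return out;
}

// Constructed sample input: managed tags mixed with markup that must not run.
const sample = '<p>Step 1: <em>save</em> your work</p><script>alert(1)</script>' +
               '<p onclick="x()">click</p><font size="5">Big</font>';
console.log(sanitizeRichText(sample));
// In the browser, assign the result where the rich text should render:
//   element.innerHTML = sanitizeRichText(textFromDatabase);
```

Text that already contains the escaped form of an allowed tag is escaped a second time, so it displays literally instead of being restored as markup.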