I use <div [innerHTML]="body"></div>
to pass unescaped HTML to my template, and when I pass to body
div
with attribute id
, Angular throw:
WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss). WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss). WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).
So why it says this? What can be dangerous id
in div
? Could this bug?