javascript / expert
Snippet
Reactive Content Sanitization in Signal Pipelines
Reactive security ensures that untrusted data is sanitized immediately upon state changes. By wrapping the DomSanitizer logic in a computed() signal, the UI always receives a processed, safe version of the HTML without manual intervention.
snippet.js
1
2
3
4
5
6
7
8
9
@Component({ ... })export class SafeCmp {private sanitizer = inject(DomSanitizer);rawContent = signal('<img src=x onerror=alert(1)>');safeContent = computed(() =>this.sanitizer.bypassSecurityTrustHtml(this.rawContent()));}
angular
Breakdown
1
private sanitizer = inject(DomSanitizer);
Injects the security service into the component context.
2
this.sanitizer.bypassSecurityTrustHtml(...);
Explicitly marks the content as safe for the DOM after manual validation.