0

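Can anyone recommend a regular expression that will reject any string containing characters that should be escaped, for use on an input in an Angular form, for example...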

<input name="name"  type="text" ng-pattern="*REGEX HERE*" ng-model="selectedExercise.name" />

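Yes, I know this is not a good way to sanitize user input. I am also using $sanitize before communicating with the back end, and doing full sanitization on the back end.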

4

1 Answer

0

If you are looking to prevent XSS-type attacks, then the way to do this is to sanitize the input when it is being rendered to the user and not at the time of capture.

If your application is rendering using Angular, then it automatically safely encodes all output on binding.

Answered 2015-02-20T07:24:32.103
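The contrast the answer draws, as an added example that is not part of the original question or answer: a reject-on-capture pattern of the kind asked for, beside encoding at render time. The regex, the function names and the sample exercise names are assumptions constructed for illustration; `encodeForHtml` is a hand-written stand-in for what Angular's bindings do, not Angular code.

```javascript
// Added example: all names and sample inputs here are constructed.

// A pattern of the kind the question asks for: accept only strings
// that contain no HTML-significant characters.
const NO_HTML_CHARS = /^[^<>&"']*$/;

function passesPattern(value) {
  return NO_HTML_CHARS.test(value);
}

// Stand-in for render-time output encoding. Angular bindings treat a
// bound value as text rather than markup, which has the same effect
// for element content.
function encodeForHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed exercise names: two of them are legitimate values that
// happen to contain characters the capture-time pattern rejects.
const samples = ['Bench Press', 'Clean & Jerk', "Farmer's Walk", '<b>Squat</b>'];

// For each value, show whether capture-time validation would accept it
// and what render-time encoding would emit into the page.
function compare(values) {
  return values.map((v) => ({
    input: v,
    acceptedByPattern: passesPattern(v),
    rendered: encodeForHtml(v),
  }));
}

for (const row of compare(samples)) {
  console.log(row);
}
```

The capture-time pattern turns away "Clean & Jerk" and "Farmer's Walk", while render-time encoding stores every value unchanged and displays each one as inert text.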