Question

117

Angular 2 how to execute script tag from innerHTML

rated 0 times [ 123] [ 6] / answers: 1 / hits: 15335 / 8 Years ago, mon, january 9, 2017, 12:00:00

I have load the HTML page by http.get() method, and i add content this page to div tag.

getRequestToAssignPage (param: string) : any {



    return this.$http.get(param)

        .map((res: Response) => {



            this.status = res;



            return res.text();

        })

        .toPromise()

        .then(response => {







            let restr: string = response;







            restr = restr.replace(/(<head[^>]*)(?:[^])*?/head>/ig, '')

                .replace(/(<(/?)body([^>]*?)>)/g, '')

                .replace(/(<style[^>]*)(?:[^])*?/style>/g, '')

                .replace(/(<(/?)html([^>]*?)>)/g, '')

                .replace(/(<app-root[^>]*)(?:[^])*?/app-root>/ig, '')

                .replace(/(<?[sS]*??>)|(<!DOCTYPEs+w+s+[[sS]*?]>)|(<!w[sS]*?>)/g, '')

                .replace(/(hrefs*=s*(?:))/ig, 'href=/#')

                .replace(/(hrefs*=s*(?:'))/ig, href='/#);







            this.response = restr;





        })

        .catch(error => this.status = error );



}

How you do you see, this method, put response in variable, and parse string by regular expressions
Ok, and next I add it to div, like this

<div [innerHTML]=response | safe></div>

Good, my page is display. But, scripts doesn't work. They are exist in the div tag, but doesn't execute.

I had tried do that with eval() but this finished by poorly

let scripts: string[] = restr.match(/<scr[sS]*?ipt>/g);



            this.srcfield.nativeElement.innerHTML = '';



            scripts.forEach((value, index) => {

                eval.call(null, (this.srcfield.nativeElement.innerHTML = value));

            });

SyntaxError: Unexpected token <

Why innerHTML doesn't execute loaded script tags? How i can fix that?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

dequant

Add To Favorites

Follow

Total Points: 88

Total Questions: 99

Total Answers: 95

Location: Ukraine

Member since Sun, Dec 13, 2020

4 Years ago

dequant questions

1 React App: EventSource's response has a MIME type (application/json) that is not text/event-stream. Aborting the connection

Sat, Aug 29, 20, 00:00, 4 Years ago

1 How to get Image Url from local Json file in React.js

Tue, Aug 4, 20, 00:00, 4 Years ago

1 Get next cron job timing in node-cron

Thu, Jun 25, 20, 00:00, 4 Years ago

1 How to get current latitude and longitude in vuejs

Sat, Jun 20, 20, 00:00, 4 Years ago

1 React lazy loading - when to use

Tue, Feb 25, 20, 00:00, 4 Years ago

View All

answered 8 Years ago dannyc · Accepted Answer

Based on the Adam's solution you can implement a custom directive along with the pipe and re-insert scripts into the DOM. This would account for both cases: inline scripts and src scripts. Keep in mind that allowing scripts like so is very dangerous.

Pipe:

import { Pipe, PipeTransform } from '@angular/core';

import { DomSanitizer } from '@angular/platform-browser';



@Pipe({ name: 'safeHtml' })

export class SafeHtmlPipe implements PipeTransform {

    constructor(private sanitizer: DomSanitizer) { }



    transform(html) {

        return this.sanitizer.bypassSecurityTrustHtml(html);

    }

}

Directive:

import { Directive, ElementRef, OnInit } from '@angular/core';



@Directive({ selector: '[runScripts]' })

export class RunScriptsDirective implements OnInit {

    constructor(private elementRef: ElementRef) { }

    ngOnInit(): void {

        setTimeout(() => { // wait for DOM rendering

            this.reinsertScripts();

        });

    }

    reinsertScripts(): void {

        const scripts = <HTMLScriptElement[]>this.elementRef.nativeElement.getElementsByTagName('script');

        const scriptsInitialLength = scripts.length;

        for (let i = 0; i < scriptsInitialLength; i++) {

            const script = scripts[i];

            const scriptCopy = <HTMLScriptElement>document.createElement('script');

            scriptCopy.type = script.type ? script.type : 'text/javascript';

            if (script.innerHTML) {

                scriptCopy.innerHTML = script.innerHTML;

            } else if (script.src) {

                scriptCopy.src = script.src;

            }

            scriptCopy.async = false;

            script.parentNode.replaceChild(scriptCopy, script);

        }

    }

}

Usage:

<div [innerHTML]=myDynamicMarkup | safeHtml runScripts></div>