I got a strange or maybe intended behavior with angular translate.
Our value strategy is
$translateProvider.useSanitizeValueStrategy('sanitize');
We use mostly the translate filter in our application, but when it comes to special characters we get for example instead of Überschrift something like Ü ;berschrift.
If I use the directive it works.
If I use the filter this only works when the sanitize strategy is set to "escaped".
Is there another solution than to rewrite ALL the translation filters to directives?
Here is my plnkr http://plnkr.co/edit/QIMVQcyH5APeYxNnS82v
For your information, I can't simply use the "escaped" strategy, because we use angular translate variables as well and these variables sometimes even contain HTML tags.
Thanks!
asked Oct 14, 2015 at 9:41 by Anditthas
2 Answers
Use sanitizeParameters instead of sanitize. Here is the fixed plnkr: http://plnkr.co/edit/qicVqPXn3qo6hMNa1fY2?p=preview
(EDIT: 07/10/2016): There is a significant difference between the two sanitization strategies. sanitizeParameters sanitizes the interpolation parameters and not the translated output. That means that it doesn't allow for changes in those parameters, but the translated content is still vulnerable since it's not sanitized.
The problem with sanitize and UTF-8 characters is a known issue and I believe it's being worked on.
$translateProvider.useSanitizeValueStrategy(['escape', 'sanitizeParameters']);
This works for my project. I hope this is secure enough.
Source: https://stackoverflow.com/a/39118996/9798484
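
Added example (not from either answer and not angular-translate's own code): a simplified model of the point made in the first answer, that a strategy acts either on the interpolation parameters or on the translated output. The `stripTags` stand-in for `$sanitize`, the `translate` helper and the sample strings are constructed for illustration.

```javascript
// Simplified model, NOT angular-translate's source. Assumption: a strategy
// acts on one stage only, the parameters ("params") or the output ("text").
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ({
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
}[c]));

// Crude stand-in for $sanitize (illustration only): it drops every tag,
// whereas a real HTML sanitizer keeps an allowlist of harmless ones.
const stripTags = (s) => String(s).replace(/<[^>]*>/g, '');

const mapParams = (params, fn) =>
  Object.fromEntries(Object.entries(params).map(([k, v]) => [k, fn(v)]));

const STRATEGIES = {
  sanitize:           { stage: 'text',   fn: stripTags },
  escape:             { stage: 'text',   fn: escapeHtml },
  sanitizeParameters: { stage: 'params', fn: (p) => mapParams(p, stripTags) },
  escapeParameters:   { stage: 'params', fn: (p) => mapParams(p, escapeHtml) },
};

// Run, in order, only the strategies registered for the given stage.
function applyStage(value, stage, names) {
  return names.reduce(
    (v, n) => (STRATEGIES[n].stage === stage ? STRATEGIES[n].fn(v) : v), value);
}

// Hypothetical helper: parameters are processed, interpolated, then the
// resulting text is processed.
function translate(template, params, strategy) {
  const names = [].concat(strategy);
  const safe = applyStage(params, 'params', names);
  const text = template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, k) => safe[k] ?? '');
  return applyStage(text, 'text', names);
}

// Constructed sample: markup in the translation and in a parameter.
const template = '<b>Überschrift</b> für {{name}}';
const params = { name: '<img src=x onerror=track()>Bob' };

console.log(translate(template, params, 'sanitizeParameters'));
console.log(translate(template, params, ['escape', 'sanitizeParameters']));
console.log(translate(template, params, 'escapeParameters'));
```

In this model the first call leaves the translation's own `<b>` markup untouched, which is the unsanitized output the first answer warns about. The second call escapes that markup as well, so a translation that intentionally contains HTML would render as literal text.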