forked from swimlane/ngx-datatable
-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: do not bind content as
innerHTML
by default (#126)
BREAKING CHANGE: Previously, cell values were bound using `innerHTML`. With this change they are now bound using normal data binding. This means that any html markup will no longer be rendered. To restore the previous behavior set `bindAsUnsafeHtml` on columns where needed. We decided to change this behavior, as binding `innerHTML` can lead to HTML injection. Especially in table content which are often untrusted user generated content. BREAKING CHANGE: Header cell names are now bound using data binding instead of `innerHTML`. Use a `headerTemplate` to provide custom html markup.
- Loading branch information
1 parent
ab910c3
commit e818477
Showing
4 changed files
with
16 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters