Duration: 16:43 min
Summary: In this lesson, we continue our discussion of built-in services and look at $sce and ngSanitize. When developing applications, you will run into cases where you need to display data that contains HTML. You might also display a form that an attacker can use to enter HTML and script code to manipulate and control the data. Luckily, Angular does not interpret HTML and does not run scripts by default. We will see that in today’s example as we add some HTML with script code to a scope variable: the dangerous characters are escaped and the script code is stripped out. But if you really want to display that data and you truly “believe” it is safe (I won’t recommend it), you can use $sce.trustAsHtml().
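
The three behaviours described above, side by side, as an added example that is not the lesson's own code. The module name `sceDemo`, the controller `DemoCtrl`, the sample string and the local script paths are assumptions; it expects AngularJS 1.x copies of `angular.min.js` and `angular-sanitize.min.js` next to the file.

```html
<!doctype html>
<html ng-app="sceDemo">
<head>
  <meta charset="utf-8">
  <!-- Assumption: local copies of AngularJS 1.x and its ngSanitize module -->
  <script src="angular.min.js"></script>
  <script src="angular-sanitize.min.js"></script>
</head>
<body ng-controller="DemoCtrl as vm">

  <!-- 1. Interpolation writes text, so the markup is shown literally and never parsed -->
  <p>{{ vm.untrusted }}</p>

  <!-- 2. ng-bind-html with ngSanitize loaded: <b> is kept,
          the onclick attribute and the <script> element are stripped -->
  <p ng-bind-html="vm.untrusted"></p>

  <!-- 3. Explicitly trusted value: inserted as-is, sanitizer bypassed,
          so the onclick handler stays live -->
  <p ng-bind-html="vm.trusted"></p>

  <script>
    angular.module('sceDemo', ['ngSanitize'])
      .controller('DemoCtrl', ['$sce', function ($sce) {
        var vm = this;
        // Constructed sample input standing in for user-supplied data
        vm.untrusted = '<b onclick="alert(1)">Hello</b><script>alert(2)<\/script>';
        // Marks the string as safe HTML; nothing is checked or cleaned here
        vm.trusted = $sce.trustAsHtml(vm.untrusted);
      }]);
  </script>
</body>
</html>
```

If `ngSanitize` is left out of the module's dependencies, binding 2 does not render at all: AngularJS raises a `$sce:unsafe` error because the value is neither sanitizable nor marked as trusted.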