Skip to content

Commit

Permalink
docs: clarify IonicSafeString usage
Browse files Browse the repository at this point in the history
I've seen some confusion in threads such as ionic-team/ionic-framework#28365 as to when to use IonicSafeString, so I wanted to clarify this on the docs.
  • Loading branch information
liamdebeasi authored Oct 17, 2023
1 parent 8687974 commit 0da189b
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion docs/techniques/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,11 @@ Ionic Framework provides an application config option called `sanitizerEnabled`
Developers can also choose to eject from the sanitizer in certain scenarios. Ionic Framework provides the `IonicSafeString` class that allows developers to do just that.

:::note
In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config. See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information.
In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config.

`IonicSafeString` should not be used if `innerHTMLTemplatesEnabled` is set to `false`.

See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information.
:::

#### Usage
Expand Down

0 comments on commit 0da189b

Please sign in to comment.