From 0da189ba36d97a7be3af8aa30bd61bd7c4144134 Mon Sep 17 00:00:00 2001 From: Liam DeBeasi Date: Tue, 17 Oct 2023 09:23:12 -0400 Subject: [PATCH] docs: clarify IonicSafeString usage I've seen some confusion in threads such as https://github.com/ionic-team/ionic-framework/issues/28365 as to when to use IonicSafeString, so I wanted to clarify this on the docs. --- docs/techniques/security.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/techniques/security.md b/docs/techniques/security.md index 9545d43c1b7..8c944469682 100644 --- a/docs/techniques/security.md +++ b/docs/techniques/security.md @@ -83,7 +83,11 @@ Ionic Framework provides an application config option called `sanitizerEnabled` Developers can also choose to eject from the sanitizer in certain scenarios. Ionic Framework provides the `IonicSafeString` class that allows developers to do just that. :::note -In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config. See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information. +In order to bypass the sanitizer and use unsanitized custom HTML in the relevant Ionic components, `innerHTMLTemplatesEnabled` must be set to `true` in the Ionic config. + +`IonicSafeString` should not be used if `innerHTMLTemplatesEnabled` is set to `false`. + +See [Enabling Custom HTML Parsing](#enabling-custom-html-parsing-via-innerhtml) for more information. ::: #### Usage