A wrapper around a string that has been marked as "trusted". When rendered in HTML, Ember will not perform any escaping.
Note:
This does not make the string safe; it means that some code in your application has marked it as trusted using the
trustHTML()function.The only public API for getting a
TrutsedHTMLis callingtrustHTML(). It is not user-constructible.
If a string contains user inputs or other untrusted data, you must sanitize
the string before using the trustHTML method. Otherwise your code is
vulnerable to Cross-Site Scripting. There are many open source
sanitization libraries to choose from, both for front end and server-side
sanitization.
import { trustHTML } from '@ember/template';
let someTrustedOrSanitizedString = "<div>Hello!</div>"
trustHTML(someTrustedorSanitizedString);Methods
toHTML : String public
Defined in packages/@ember/-internals/glimmer/lib/utils/string.ts:58
- returns
- String
the trusted string, without any escaping applied
Get the wrapped string as HTML to use without escaping.
toString : String public
Defined in packages/@ember/-internals/glimmer/lib/utils/string.ts:47
- returns
- String
The string marked as trusted
Get the string back to use as a string.