Class TrustedHTML (public)
Module: @ember/template
Since: v6.7.0
A wrapper around a string that has been marked as "trusted". When rendered in HTML, Ember will not perform any escaping.
Note: This does not make the string safe; it means that some code in your application has marked it as trusted using the trustHTML() function. The only public API for getting a TrustedHTML is calling trustHTML(). It is not user-constructible.
If a string contains user inputs or other untrusted data, you must sanitize the string before using the trustHTML method. Otherwise your code is vulnerable to Cross-Site Scripting. There are many open source sanitization libraries to choose from, both for front end and server-side sanitization.
import { trustHTML } from '@ember/template';
// Only strings you control, or that have already been sanitized, belong here.
let someTrustedOrSanitizedString = "<div>Hello!</div>";
trustHTML(someTrustedOrSanitizedString);
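The following is an added example, not Ember's code and not the @ember/template API: it models in plain JavaScript what the note above describes. A hypothetical TrustedMarkup wrapper stands in for TrustedHTML, trust() stands in for trustHTML(), and render() stands in for the template layer, escaping ordinary strings but emitting wrapped values verbatim. The sample input and the tiny allowlist sanitizer (sanitizeToAllowlist, allowing only attribute-free b, i and p tags) are constructed for the example to show why sanitizing must happen before trusting, and in what order the two steps compose.

```javascript
// Added example (not Ember code). TrustedMarkup, trust, escapeHTML, render and
// sanitizeToAllowlist are hypothetical stand-ins for the behaviour described above.

// Stand-in for TrustedHTML: an opaque wrapper the renderer recognises and does not escape.
class TrustedMarkup {
  constructor(html) {
    this.html = String(html);
    Object.freeze(this);
  }
  toHTML() {
    return this.html;
  }
}

// Stand-in for trustHTML(): marks a string as trusted. It performs no sanitization.
function trust(html) {
  return new TrustedMarkup(html);
}

// Context-appropriate escaping for HTML text content and attribute values.
function escapeHTML(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Stand-in for the template layer: escape plain values, pass trusted values through.
function render(value) {
  return value instanceof TrustedMarkup ? value.toHTML() : escapeHTML(value);
}

// Constructed allowlist sanitizer: keeps only attribute-free <b>, <i>, <p> (and closers),
// escapes every other tag and all text, then marks the result as trusted.
const ALLOWED_TAGS = new Set(['b', 'i', 'p']);

function sanitizeToAllowlist(untrusted) {
  const input = String(untrusted);
  // Matches only bare tags such as <b> or </p>; anything with attributes is left to escaping.
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeHTML(input.slice(last, m.index));
    const name = m[2].toLowerCase();
    out += ALLOWED_TAGS.has(name) ? `<${m[1]}${name}>` : escapeHTML(m[0]);
    last = m.index + m[0].length;
  }
  out += escapeHTML(input.slice(last));
  return trust(out);
}

// Constructed sample input standing in for a user-supplied comment.
const userInput = '<b>Hello</b> <script>run()</script> <img src=x onerror=run()>';

// Default path: everything is escaped, including the legitimate <b> markup.
const escapedOnly = render(userInput);

// Wrong order: trusting untrusted input emits the raw markup unchanged.
const trustedWithoutSanitizing = render(trust(userInput));

// Right order: sanitize first, then trust the sanitized result.
const sanitizedThenTrusted = render(sanitizeToAllowlist(userInput));

console.log(escapedOnly);
console.log(trustedWithoutSanitizing);
console.log(sanitizedThenTrusted);
```

The three rendered values make the point of the note concrete: trust() is only a routing decision for the renderer, so whatever safety the output has must already be present in the string before it is wrapped. The allowlist sanitizer here is a deliberately small illustration of that ordering; the page's advice to use an established sanitization library is what applies to real code.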