AngularJS ng-csp directive
AngularJS instance
Modify the behavior and inline style of "eval" in AngularJS:
<!DOCTYPE html><html><head><meta charset="utf-8"><script src="http://apps.bdimg.com/libs/angular.js/1.4.6/angular.min.js"></script></head><body ng-app="" ng-csp><div><p>My first expression: {{ 5 + 5 }}</p></div><p>Using the ng-csp directive, you can modify the way AngularJS executes code. </p><p>AngularJS execution method improves performance by 30%</p></body></html>Running results:
My first expression: 10
Using the ng-csp directive, you can modify the way AngularJS executes code.
AngularJS execution method improves performance by 30%
Definition and usage
The ng-csp directive is used to modify AngularJS security policies.
If the ng-csp directive is used, AngularJS will not execute the eval function, so that inline styles cannot be injected.
Setting the ng-csp directive to no-unsafe-eval will prevent AngularJS from executing eval functions, but allows inline style injection.
Setting the ng-csp directive to no-inline-style will prevent AngularJS from injecting inline styles, but allows execution of eval functions.
It is necessary to develop a Google Chrome extension or Windows application ng-csp directive.
Note: The ng-csp directive will not affect JavaScript, but will modify how AngularJS works, which means: you can still write eval functions, and it will work normally.
Execute, but AngularJS cannot execute its own eval function. If compatible mode is used, performance will be reduced by 30%.
grammar
<element ng-csp="no-unsafe-eval | no-inline-style"></element>
Parameter value
| value | describe |
|---|---|
| no-unsafe-eval no-inline-style | The value can be set to empty, meaning neither eval nor inline styles are allowed. One of the values can be set. You can also set two values at the same time to separate them with semicolons, but this is the same as leaving blank. |
The above is a compilation of AngularJS ng-csp instruction materials, for reference by friends who study AngularJS.