diff options
| author | Cameron Spear | 2013-12-27 17:57:14 -0800 |
|---|---|---|
| committer | Caitlin Potter | 2014-01-17 17:12:53 -0500 |
| commit | 7ba30fd2e748f1878c085d7f76a8c59215d4694b (patch) | |
| tree | b546478af3d2c6a2bca7ebe9e971af6e7e6114a5 /src/ng/sce.js | |
| parent | 5adea0ba64b758f8f5700da73f6faca8ae1983be (diff) | |
| download | angular.js-7ba30fd2e748f1878c085d7f76a8c59215d4694b.tar.bz2 | |
docs($sce): correct documentation for angular 1.2.0
Include mention of `ngSanitize` (and add it to the example), as well as removing (and clarifying if
needed) references to `ng-html-bind-unsafe`.
Closes #5551
Diffstat (limited to 'src/ng/sce.js')
| -rw-r--r-- | src/ng/sce.js | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/ng/sce.js b/src/ng/sce.js index d1340c27..321921f5 100644 --- a/src/ng/sce.js +++ b/src/ng/sce.js @@ -275,7 +275,7 @@ function $SceDelegateProvider() { * * @description * Returns an object that is trusted by angular for use in specified strict - * contextual escaping contexts (such as ng-html-bind-unsafe, ng-include, any src + * contextual escaping contexts (such as ng-bind-html, ng-include, any src * attribute interpolation, any dom event binding attribute interpolation * such as for onclick, etc.) that uses the provided value. * See {@link ng.$sce $sce} for enabling strict contextual escaping. @@ -502,8 +502,8 @@ function $SceDelegateProvider() { * It's important to remember that SCE only applies to interpolation expressions. * * If your expressions are constant literals, they're automatically trusted and you don't need to - * call `$sce.trustAs` on them. (e.g. - * `<div ng-html-bind-unsafe="'<b>implicitly trusted</b>'"></div>`) just works. + * call `$sce.trustAs` on them (remember to include the `ngSanitize` module) (e.g. + * `<div ng-bind-html="'<b>implicitly trusted</b>'"></div>`) just works. * * Additionally, `a[href]` and `img[src]` automatically sanitize their URLs and do not pass them * through {@link ng.$sce#methods_getTrusted $sce.getTrusted}. SCE doesn't play a role here. @@ -563,7 +563,7 @@ function $SceDelegateProvider() { * matched against the **entire** *normalized / absolute URL* of the resource being tested * (even when the RegExp did not have the `^` and `$` codes.) In addition, any flags * present on the RegExp (such as multiline, global, ignoreCase) are ignored. - * - If you are generating your Javascript from some other templating engine (not + * - If you are generating your JavaScript from some other templating engine (not * recommended, e.g. in issue [#4006](https://github.com/angular/angular.js/issues/4006)), * remember to escape your regular expression (and be aware that you might need more than * one level of escaping depending on your templating engine and the way you interpolated @@ -580,7 +580,7 @@ function $SceDelegateProvider() { * ## Show me an example using SCE. * * @example -<example module="mySceApp"> +<example module="mySceApp" deps="angular-sanitize.js"> <file name="index.html"> <div ng-controller="myAppController as myCtrl"> <i ng-bind-html="myCtrl.explicitlyTrustedHtml" id="explicitlyTrustedHtml"></i><br><br> @@ -805,8 +805,8 @@ function $SceProvider() { * * @description * Delegates to {@link ng.$sceDelegate#methods_trustAs `$sceDelegate.trustAs`}. As such, - * returns an objectthat is trusted by angular for use in specified strict contextual - * escaping contexts (such as ng-html-bind-unsafe, ng-include, any src attribute + * returns an object that is trusted by angular for use in specified strict contextual + * escaping contexts (such as ng-bind-html, ng-include, any src attribute * interpolation, any dom event binding attribute interpolation such as for onclick, etc.) * that uses the provided value. See * {@link ng.$sce $sce} for enabling strict contextual * escaping. |