-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathunsafe-html.ts
28 lines (26 loc) · 1023 Bytes
/
unsafe-html.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
/**
* @license
* Copyright (c) 2017 The Polymer Project Authors. All rights reserved.
* This code may only be used under the BSD style license found at
* http://polymer.github.io/LICENSE.txt
* The complete set of authors may be found at
* http://polymer.github.io/AUTHORS.txt
* The complete set of contributors may be found at
* http://polymer.github.io/CONTRIBUTORS.txt
* Code distributed by Google as part of the polymer project is also
* subject to an additional IP rights grant found at
* http://polymer.github.io/PATENTS.txt
*/
import {directive, NodePart} from '../lit-html.js';
/**
* Renders the result as HTML, rather than text.
*
* Note, this is unsafe to use with any user-provided input that hasn't been
* sanitized or escaped, as it may lead to cross-site-scripting
* vulnerabilities.
*/
export const unsafeHTML = (value: any) => directive((_part: NodePart) => {
const tmp = document.createElement('template');
tmp.innerHTML = value;
return document.importNode(tmp.content, true);
});