how to add onclick?

Question

Hi,

I read the article at : http://msdn.microsoft.com/en-us/library/windows/apps/hh849625.aspx

In the following code, unTrustedData has "on-click", but "window.toStaticHTML" removes the " on-click='calltoUnsafeCode();' " . But I would like to use the similar function. How can I use "on-click"? Thanks.

// The untrusted data contains unsafe dynamic content
var unTrustedData = "<img src='http://www.contoso.com/logo.jpg' on-click='calltoUnsafeCode();'/>";

// Safe dynamic content can be added to the DOM without introducing errors
var safeData = window.toStaticHTML(unTrustedData);

// The content of the data is now
// "<img src='http://www.contoso.com/logo.jpg'/>"
// and is safe to add because it was filtered
document.write(safeData);

Answer 1

You cannot.  The click event would be considered code.  toStatic removes this.  The data is not 'safe' if you have untrusted data that is not your own as this would open up the chance for malicious code.  Are you trying to do something specific or simply was curious how this works?

-Jeff

---

Jeff Sanders (MSFT)

Answer 2

I have a list of images, and on each image, I would like to add "onClick = function1(imageID)". After I "used window.toStaticHTML", it removed the "onClick =  function1()". I want to know how to onclick for this case? Thanks.

Answer 3

Hi,

Base on my understanding , you can use document.createElement to create img tags. Then attach event handlers to them, and later add them to DOM. Something like:

var img = document.createElement("img");

img.addEventListener("click", yourClickHandler);

yourParent.children.append(img);

Best Regards,

Ming Xu.

---

Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework