Wednesday, August 08, 2012 5:50 AM
I read the article at: http://msdn.microsoft.com/en-us/library/windows/apps/hh849625.aspx
In the following code, unTrustedData has "on-click", but "window.toStaticHTML" removes the "on-click='calltoUnsafeCode();'". But I would like to use a similar function. How can I use "on-click"? Thanks.
// The untrusted data contains unsafe dynamic content
var unTrustedData = "<img src='http://www.contoso.com/logo.jpg' on-click='calltoUnsafeCode();'/>";
// Safe dynamic content can be added to the DOM without introducing errors
var safeData = window.toStaticHTML(unTrustedData);
// The content of the data is now
// "<img src='http://www.contoso.com/logo.jpg'/>"
// and is safe to add because it was filtered
Wednesday, August 08, 2012 12:43 PM Moderator
You cannot. The click event would be considered code. toStatic removes this. The data is not 'safe' if you have untrusted data that is not your own, as this would open up the chance for malicious code. Are you trying to do something specific, or were you simply curious how this works?
Jeff Sanders (MSFT)
- Proposed As Answer by Jeff Sanders (Microsoft Employee, Moderator) Wednesday, August 08, 2012 12:43 PM
Wednesday, August 08, 2012 4:35 PM
I have a list of images, and on each image, I would like to add "onClick = function1(imageID)". After I used "window.toStaticHTML", it removed the "onClick = function1()". I want to know how to use onclick for this case. Thanks.
Thursday, August 30, 2012 11:29 AM Moderator
Based on my understanding, you can use document.createElement to create img tags. Then attach event handlers to them, and later add them to the DOM. Something like:
var img = document.createElement("img");
- Marked As Answer by Dino He (Moderator) Friday, September 14, 2012 9:26 AM
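
The approach from the answer above, as an added example that is not part of the original thread: each image is created with document.createElement, untrusted values are assigned only as properties, and the click handler is the app's own function attached with addEventListener. The names buildImageList and onImageClick, the record shape {id, src}, the http(s)-only check, and the sample records are assumptions made for illustration.

```javascript
// Build <img> elements from untrusted records without passing any handler
// code through an HTML string. All names here are hypothetical.
function buildImageList(doc, container, records, onImageClick) {
  var added = [];
  records.forEach(function (rec) {
    // Untrusted values are assigned to properties, never concatenated into
    // markup, so they cannot introduce extra attributes or script.
    var src = String(rec.src);
    if (!/^https?:\/\//i.test(src)) {
      return; // skip anything that is not a plain http(s) URL
    }
    var img = doc.createElement("img");
    img.src = src;
    img.alt = "";
    var id = String(rec.id);
    // The handler is trusted app code; the untrusted id is only data to it.
    img.addEventListener("click", function () {
      onImageClick(id);
    }, false);
    container.appendChild(img);
    added.push(img);
  });
  return added;
}

// Constructed sample input. The second record carries the kind of inline
// handler text that toStaticHTML strips; here it fails the URL check.
var sampleRecords = [
  { id: "42", src: "http://www.contoso.com/logo.jpg" },
  { id: "43", src: "logo.jpg' onclick='calltoUnsafeCode();" }
];

// Only runs where a DOM is available (for example, inside the app page).
if (typeof document !== "undefined") {
  buildImageList(document, document.body, sampleRecords, function (id) {
    console.log("clicked image " + id);
  });
}
```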