English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
!DOCTYPE html
<html>
<head>
<meta charset="utf-8">
<script src="https://cdn.staticfile.org/angular.js/1.4.6/angular.min.js></script>
</head>
<body ng-app="" ng-csp>
<div>
<p>My first expression: {{ 5 + 5 }}</p>
</div>
<p>Use ng-csp instruction, you can modify the way AngularJS executes code.</p>
<p>The execution method of AngularJS has been improved 30% performance</p>
</body>
</html>Test to see ‹/›ng-csp Instruction is used to modify the security policy of AngularJS.
If used ng-csp Directives, AngularJS will not execute eval function, thus preventing the injection of inline styles.
to ng-csp Directives are set to no-unsafe-eval, will prevent AngularJS from executing eval functions, but allow the injection of inline styles.
to ng-csp Directives are set to no-inline-style, it will prevent AngularJS from injecting inline styles, but allow the execution of eval functions.
If you are developing a Google Chrome extension or a Windows application ng-csp Directives are required.
Note:ng-csp Directives do not affect JavaScript, but it will change the way AngularJS works, which means: you can still write The eval function can be executed normally, but AngularJS cannot execute its own eval function. If compatibility mode is used, it will reduce 30% performance.
<element ng-csp="no-unsafe-eval | no-inline-style"></element>
| Value | Description |
|---|---|
| no-unsafe-eval no-inline-style | The value can be set to empty, which means that eval and inline styles are not allowed. One of the values can be set. You can also set two values separated by a semicolon, but this has the same effect as leaving it blank. |