AngularJS adds “unsafe” before links

Recently, I experienced an annoying issue after having upgraded my application from angularjs 1.6 to angularjs 1.7.

Consider the following link:

This is a technique I like to use to simulate a link. Basically, defining the “href” attribute to “javascript:void(0)” along with “ng-click” allowed me to add a link executing JavaScript code instead of simply redirecting the user to another page.

However, angularjs 1.7 comes with a feature marking the “javascript” protocol as unsafe, so all the links with the aforementioned format were transformed in:

Even though “Chrome” has no issue with this, “Firefox” and “Edge” don’t quite like it. Of course, it’s not a browser issue, it’s not normal to have this “unsafe:” thingy in the link, so how did I fix it?

Well, I had to configure the compiler service to allow the “javascript” protocol like this:

The “aHrefSanitizationWhitelist” function allows us to define a white list of accepted protocols.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.