$sceDelegateProvider
Configure trusted resource URL policies and URL sanitization for SCE.
Use $sceDelegateProvider to control which resource URLs AngularTS may load for
contexts such as templates, includes, iframes, and other resource fetches. It
also owns the URL allowlists used when sanitizing bound link and media URLs.
Exact provider members are documented in TypeDoc:
Trusted Resource URLs
Allow same-origin resources with self, exact strings, wildcard strings, or
regular expressions.
angular.module('app', []).config(($sceDelegateProvider) => {
$sceDelegateProvider.trustedResourceUrlList([
'self',
'https://cdn.example.com/**',
]);
});
Banned Resource URLs
Banned patterns override trusted patterns. Use them to block a narrower path inside a broader trusted origin.
angular.module('app', []).config(($sceDelegateProvider) => {
$sceDelegateProvider.bannedResourceUrlList([
'https://cdn.example.com/private/**',
]);
});
URL Sanitization
Configure trusted URL patterns for links and media sources before templates are compiled.
angular.module('app', []).config(($sceDelegateProvider) => {
$sceDelegateProvider.aHrefSanitizationTrustedUrlList(/^https?:/);
$sceDelegateProvider.imgSrcSanitizationTrustedUrlList(
/^\s*((https?|file|blob):|data:image\/)/,
);
});
See also $sce.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.