AngularJS: API: ngSanitize



The ngSanitize module provides functionality to sanitize HTML.

See $sanitize for usage.


First include angular-sanitize.js in your HTML:

    <script src="angular.js"></script>
    <script src="angular-sanitize.js"></script>

You can download this file from the following places:

  • Google CDN
    e.g. //
  • Bower
    bower install angular-sanitize@X.Y.Z

where X.Y.Z is the AngularJS version you are running.

Then load the module in your application by adding it as a dependent module:

  angular.module('app', ['ngSanitize']);

With that you're ready to get started!

Module Components


Name Description

Finds links in text input and turns them into HTML links. Supports http/https/ftp/mailto and plain email address links.


Name Description

The input is sanitized by parsing the HTML into tokens. All safe tokens (from a whitelist) are then serialized back to a properly escaped HTML string. This means that no unsafe input can make it into the returned string. However, because our parser is stricter than a typical browser parser, some obscure input that a browser would recognize as valid HTML may not make it through the sanitizer. The whitelist is configured using the functions aHrefSanitizationWhitelist and imgSrcSanitizationWhitelist of $compileProvider.
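
The tokenize, filter and re-serialize approach described above can be seen in a simplified sketch. This is an added example, not AngularJS source code: the function name sanitize, the element and attribute lists and the SAFE_URI pattern are all assumptions chosen for illustration, and the grammar is deliberately stricter than a browser's.

```javascript
// Added illustration, not AngularJS source. All names and lists are hypothetical.
const SAFE_ELEMENTS = new Set(['a', 'b', 'i', 'em', 'strong', 'p', 'br', 'img', 'ul', 'li']);
const VOID_ELEMENTS = new Set(['br', 'img']);
const DROP_CONTENT = new Set(['script', 'style']); // element AND its text are dropped
const SAFE_ATTRS = new Set(['href', 'src', 'title', 'alt']);
const URI_ATTRS = new Set(['href', 'src']);
// Stand-in for the URI patterns configured on $compileProvider (assumed value).
const SAFE_URI = /^(https?|ftp|mailto):/i;

// Deliberately strict grammar: a tag counts only if every attribute is name="value".
// Anything else beginning with "<" falls through to the lone "<" branch and is text.
const TOKEN = /<(\/?)([a-z][a-z0-9]*)((?:\s+[a-z-]+="[^"]*")*)\s*\/?>|[^<]+|</gi;
const ATTR = /([a-z-]+)="([^"]*)"/gi;

// Entities are not decoded first, so pre-escaped input ends up double-escaped.
const escapeHtml = (s) => s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
  .replace(/>/g, '&gt;').replace(/"/g, '&quot;');

function sanitize(html) {
  let out = '';
  let skipUntil = null; // set while inside <script>/<style>
  for (const [raw, slash, tagName, attrText] of html.matchAll(TOKEN)) {
    const name = tagName && tagName.toLowerCase();
    if (skipUntil) {
      if (slash && name === skipUntil) skipUntil = null;
      continue;
    }
    if (!name) { out += escapeHtml(raw); continue; }         // text token
    if (DROP_CONTENT.has(name)) { if (!slash) skipUntil = name; continue; }
    if (!SAFE_ELEMENTS.has(name)) continue;                  // drop tag, keep inner text
    if (slash) { if (!VOID_ELEMENTS.has(name)) out += `</${name}>`; continue; }
    out += `<${name}`;
    for (const [, attr, value] of attrText.matchAll(ATTR)) {
      const key = attr.toLowerCase();
      if (!SAFE_ATTRS.has(key)) continue;                    // e.g. onclick, style
      if (URI_ATTRS.has(key) && !SAFE_URI.test(value)) continue;
      out += ` ${key}="${escapeHtml(value)}"`;
    }
    out += '>';
  }
  return out;
}

// Constructed sample inputs.
console.log(sanitize('<p>Hi <b onclick="x()">there</b><script>alert(1)</script></p>'));
console.log(sanitize('<a href="javascript:alert(1)" title="t">x</a>'));
console.log(sanitize('<img src=x onerror=alert(1)>'));
```

The third input uses unquoted attributes, which a browser accepts as a tag; the strict tokenizer here does not, so it is emitted as escaped text rather than markup.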