Sometimes an application genuinely needs to include executable code, such as displaying an `<iframe>` from a URL. In this case, we need to prevent Angular's automatic sanitization by declaring that we inspected the value, checked how it was generated, and made sure it will always be secure. This involves 2 steps:
- Inject DomSanitizer: we can inject DomSanitizer into the component as a constructor parameter.
- Mark the trusted value by calling one of the methods below:
  - bypassSecurityTrustHtml
  - bypassSecurityTrustScript
  - bypassSecurityTrustStyle
  - bypassSecurityTrustUrl
  - bypassSecurityTrustResourceUrl
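
The two steps applied to the iframe case, as an added example that is not part of the original page: the URL is checked against an allowlist before `bypassSecurityTrustResourceUrl` is called, so the "we inspected the value" claim is backed by code. `ResourceUrlSanitizer`, `ALLOWED_EMBED_HOSTS`, `checkEmbedUrl` and `VideoEmbed` are hypothetical names, and the host names are constructed; the interface stands in for Angular's `DomSanitizer` so the file runs without Angular installed.

```typescript
// Hypothetical stand-in for the one DomSanitizer method used here.
// Angular's real DomSanitizer can be passed wherever this type is expected.
interface ResourceUrlSanitizer {
  bypassSecurityTrustResourceUrl(value: string): unknown;
}

// Assumption: the only hosts this application is allowed to frame (constructed).
const ALLOWED_EMBED_HOSTS = new Set(["media.example.com", "player.example.org"]);

// Returns the normalized URL if `raw` is an https URL on an allowed host, else null.
function checkEmbedUrl(raw: string): string | null {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "https:") return null; // rejects javascript:, data:, http:
  if (url.username !== "" || url.password !== "") return null; // no userinfo in the URL
  if (!ALLOWED_EMBED_HOSTS.has(url.hostname)) return null;
  return url.href;
}

// In an Angular app this class would carry @Component and receive
// DomSanitizer from the injector through its constructor (step 1).
class VideoEmbed {
  private sanitizer: ResourceUrlSanitizer;
  safeSrc: unknown = null; // bound in the template as <iframe [src]="safeSrc">

  constructor(sanitizer: ResourceUrlSanitizer) {
    this.sanitizer = sanitizer;
  }

  // Step 2: mark the value as trusted only after it has passed the check.
  setVideo(raw: string): boolean {
    const checked = checkEmbedUrl(raw);
    this.safeSrc =
      checked === null ? null : this.sanitizer.bypassSecurityTrustResourceUrl(checked);
    return checked !== null;
  }
}
```

A rejected URL leaves `safeSrc` as `null`, so the template has nothing to bind instead of an unchecked value.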