Anditthas Anditthas - 11 months ago 103
AngularJS Question

angular translate sanitize / escape

I got a strange or maybe intended behavior with angular translate.

Our value strategie is


We use mostly the translate filter in our application, but when it comes to special characters we get for example instead of Überschrift something like &#220 ;berschrift.

If I use the directive it works.

If I use the filter this only works when the sanitize strategy is set to "escaped".

Is there another solution than to rewrite ALL the translation filters to directives?

Here is my plnkr

For your information,
I can't simply use the "escaped" strategy, because we use angular translate variables as well and these variables contain sometimes even html tags.


Answer Source

Use sanitizeParameters instead of sanitize. Here is the fixed plnkr:

(EDIT: 07/10/2016): There is a significant difference between the two sanitization strategies. sanitizeParameters sanitizes the interpolation parameters and not the translated output. That means that it doesn't allow for changes in those parameters, but the translated content is still vulnerable since it's not sanitized. What I like to do is use $translateProvider.useSanitizeValueStrategy('escape','sanitizeParameters'); when using UTF-8 characters to ensure that all content is either sanitized or escaped. However, that means that you wouldn't be able to use any HTML in your translations, which might not be an option for some people (like the OP in this case).

The problem with sanitize and UTF-8 characters is a known issue and I believe it's being worked on.