Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UseHttpImageSourcePipeModule does not work with [style.background-image] #127

Open
Abvirk opened this issue Aug 15, 2022 · 1 comment
Open

UseHttpImageSourcePipeModule does not work with [style.background-image] #127

Abvirk opened this issue Aug 15, 2022 · 1 comment
Labels
bug Something isn't working New Issue ng-utils @this-dot/ng-utils package related issues

Comments

@Abvirk
Copy link

Abvirk commented Aug 15, 2022

What package and version are you using?

0.1.9

What browser are you using?

Chrome

What operating system are you using?

Windows

Actual Behavior

I have in using UseHttpImageSourcePipeModule to load authorized images. Its working fine with [src] attribute of image. When I try to use it with [style.background-image] attribute of div it always shows loading default image.
Here is my code.

Expected Behavior

It should load image, as its loading image in [src] attribute.

Reproduction

Additional Information

No response
@Abvirk Abvirk added bug Something isn't working New Issue labels Aug 15, 2022
@Abvirk Abvirk changed the title UseHttpImageSourcePipeModule does not with [style.background-image] UseHttpImageSourcePipeModule does not work with [style.background-image] Aug 15, 2022
@TapaiBalazs TapaiBalazs added the ng-utils @this-dot/ng-utils package related issues label Aug 17, 2022
@TapaiBalazs
Copy link
Contributor

@Abvirk Thank you very much for reporting this issue. I have investigated it a little and found the following:

The pipe's return type is string | SafeUrl. In case of images that are fetched with the httpClient inside the pipe, they are going to be blob urls like blob:http://localhost:4200/30e63884-d292-4516-9cdd-9e0b45023db5.

For these blob urls, the pipe calls this.domSanitizer.bypassSecurityTrustUrl(unsafeBlobUrl)) which will turn the return value into a SafeUrl.

I was able to reproduce your reported issue with the following code snippet:

<ng-container *ngIf="'https://thisdot-open-source.s3.us-east-1.amazonaws.com/public/success.png' | useHttpImgSrc as url">
    <div class="bg-image"
         [style.background-image]="'url(' + url + ')'"

    >
      should have background
    </div>

  </ng-container>

In this scenario the [style.background-image] gets a SafeUrl object when the image gets loaded successfully. I was able to work around the issue with the following code snippet:

<ng-container *ngIf="'https://thisdot-open-source.s3.us-east-1.amazonaws.com/public/success.png' | useHttpImgSrc as url">
    <div class="bg-image"
         [style.background-image]="'url(' + (url.changingThisBreaksApplicationSecurity ? url.changingThisBreaksApplicationSecurity : url) + ')'"

    >
      should have background
    </div>

  </ng-container>

I hope that the above workaround unblocks you for the time being, I assure you that we are going to look into how to fix this.

Possible solutions to the issue:

  • Make the pipe configurable, so with a configuration option it would skip the sanitisation part for such cases.
  • Create a new/separate pipe that skips the santitisation part
  • Create a background-image pipe that handles the url() wrapping as well and it is only usable for [style.background-image] bindings

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working New Issue ng-utils @this-dot/ng-utils package related issues
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TapaiBalazs @Abvirk