说实话，所有的答案似乎都是错的。使用this. saniizer . bypasssecuritytrustresourceurl (url)仅绕过安全性，并将url视为SafeResourceUrl。但是，给定的url仍然可能是恶意的，导致安全违规。医生也这么说:https://angular.io/api/platform-browser/DomSanitizer#bypassSecurityTrustResourceUrl

一个解决方案是首先调用sanitizer，然后将sanitizer的返回值传递给bypassSecurityTrustResourceUrl，如下所示:

this.sanitizer.bypassSecurityTrustResourceUrl (this.sanitizer.sanitize (SecurityContext。URL、URL))

通过这种方式，您可以清除任何恶意代码，然后绕过表示这确实是一个安全url的安全性。

这样我就可以使用Angular 5.2.0了

fileName.Component.ts

import { Component, OnInit, Input } from '@angular/core';
import { DomSanitizer, SafeResourceUrl } from '@angular/platform-browser';

@Component({
  selector: 'app-sample',
  templateUrl: './fileName.component.html',
  styleUrls: ['./fileName.component.scss']
})

export class FileName implements OnInit {
  @Input()
  url: string = "https://www.mmlpqtpkasjdashdjahd.com";
  urlSafe: SafeResourceUrl;

  constructor(public sanitizer: DomSanitizer) { }

  ngOnInit() {
    this.urlSafe= this.sanitizer.bypassSecurityTrustResourceUrl(this.url);
  }

}

fileName.Component.html

<iframe width="100%" height="100%" frameBorder="0" [src]="urlSafe"></iframe>

伙计们，就这些!!

这对我很有用

我在iframe中定义了一个id

<iframe id="embeddedPage"></iframe>

在组件中，我使用了这段代码

export class YourComponent implements OnInit {
    
  constructor() {}

  ngOnInit(): void {
    const iframe =  document.getElementById('embeddedPage') as HTMLIFrameElement;
    iframe.contentWindow.location.replace('your url');
  }

}

我也遇到过这个问题，但为了在我的angular模块中使用安全管道，我安装了安全管道npm包，你可以在这里找到。仅供参考，这在Angular 9.1.3中是有效的，我还没有在其他版本的Angular中尝试过。下面是如何一步一步地添加它:

Install the package via npm install safe-pipe or yarn add safe-pipe. This will store a reference to it in your dependencies in the package.json file, which you should already have from starting a new Angular project. Add SafePipeModule module to NgModule.imports in your Angular module file like so: import { SafePipeModule } from 'safe-pipe'; @NgModule({ imports: [ SafePipeModule ] }) export class AppModule { } Add the safe pipe to an element in the template for the Angular component you are importing into your NgModule this way:

<element [property]="value | safe: sanitizationType"></element>

下面是一些在html元素中使用safePipe的具体例子:

<div [style.background-image]="'url(' + pictureUrl + ')' | safe: 'style'" class="pic bg-pic"></div>
<img [src]="pictureUrl | safe: 'url'" class="pic" alt="Logo">
<iframe [src]="catVideoEmbed | safe: 'resourceUrl'" width="640" height="390"></iframe>
<pre [innerHTML]="htmlContent | safe: 'html'"></pre>

祝贺!¨^ ^ 我有一个简单有效的解决方案给你，是的!

<iframe width="100%" height="300" [attr.src]="video.url"></iframe

[attr。Src]而不是Src ”视频。而不是{{video.url}}

伟大的,)

我通常添加单独的安全管道可重用组件如下

# Add Safe Pipe

import { Pipe, PipeTransform } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';

@Pipe({name: 'mySafe'})
export class SafePipe implements PipeTransform {
    constructor(private sanitizer: DomSanitizer) {
    }

    public transform(url) {
        return this.sanitizer.bypassSecurityTrustResourceUrl(url);
    }
}

# then create shared pipe module as following 

import { NgModule } from '@angular/core'; 
import { SafePipe } from './safe.pipe';
@NgModule({
    declarations: [
        SafePipe
    ],
    exports: [
        SafePipe
    ]
})
export class SharedPipesModule {
}

# import shared pipe module in your native module

@NgModule({
    declarations: [],
    imports: [
        SharedPipesModule,
    ],
})
export class SupportModule {
}

<!-------------------
call your url (`trustedUrl` for me) and add `mySafe` as defined in Safe Pipe
---------------->
<div class="container-fluid" *ngIf="trustedUrl">
    <iframe [src]="trustedUrl | mySafe" align="middle" width="100%" height="800" frameborder="0"></iframe>
</div>