AngularJS中ng-bind-html的使用需要$sce控制代码安全检查

首先需要在index.html中加载 sanitize

<script type="text/javascript" src="jsLib/angular-sanitize.js"></script>

app.js 路由中注入 'ngSanitize'

var sxApp = angular.module('sxApp', ['ngRoute','ngSanitize']);

使用ng-bind-html，绑定的值需要 $sce.trustAsHtml 进行安全检查

sxApp.controller('NewsCtrl', [
    '$rootScope',
    '$scope',
    '$sce',
    function($rootScope, $scope, $sce) {
    
    ... ...

   $scope.currentNews = data;
   $scope.trustHtml = $sce.trustAsHtml(data.content);

    ... ...
   
    }]);

【注】：ng-bind-html不能用在<textarea>中，必须在div中

<div ng-bind-html="trustHtml"> </div>

【$sce的使用】

$sce.trustAs(type,name);
$sce.trustAsUrl(value);
$sce.trustAsHtml(value);
$sce.trustAsResourceUrl(value);
$sce.trustAsJs(value);