I’m using a query parameter (lets call it url), to set a src of an embed tag on my page.
So going to localhost:4200/show?url=“http://outsideresource.com/image.svg” should give you a page with the svg image embedded.
The minimal template for page show would look like this:
<embed src="{{page}}"/>
But somehow “http://outsideresource.com/image.svg” gets replaced with “unsafe:http://outsideresource.com/image.svg”.
Does anybody know why?