$sceDelegate is a service that is used by the $sce service to provide Strict Contextual Escaping (SCE) services to AngularJS.

Typically, you would configure or override the $sceDelegate instead of the $sce service to customize the way Strict Contextual Escaping works in AngularJS. This is because, while the $sce provides numerous shorthand methods, etc., you really only need to override 3 core functions (trustAs, getTrusted and valueOf) to replace the way things work because $sce delegates to $sceDelegate for these operations.

Refer $sceDelegateProvider to configure this service.

The default instance of $sceDelegate should work out of the box with little pain. While you can override it completely to change the behavior of $sce, the common case would involve configuring the $sceDelegateProvider instead by setting your own whitelists and blacklists for trusting URLs used for loading AngularJS resources such as templates. Refer $sceDelegateProvider.resourceUrlWhitelist and $sceDelegateProvider.resourceUrlBlacklist

Usage

$sceDelegate();

Methods

`trustAs(type, value);`

Returns an object that is trusted by angular for use in specified strict contextual escaping contexts (such as ng-bind-html, ng-include, any src attribute interpolation, any dom event binding attribute interpolation such as for onclick, etc.) that uses the provided value. See $sce for enabling strict contextual escaping.

Parameters

Param	Type	Details
type	string	The kind of context in which this value is safe for use. e.g. url, resourceUrl, html, js and css.
value	*	The value that that should be considered trusted/safe.

Returns

*	A value that can be used to stand in for the provided `value` in places where Angular expects a $sce.trustAs() return value.

`valueOf(value);`

If the passed parameter had been returned by a prior call to $sceDelegate.trustAs, returns the value that had been passed to $sceDelegate.trustAs.

If the passed parameter is not a value that had been returned by $sceDelegate.trustAs, returns it as-is.

Parameters

Param	Type	Details
value	*	The result of a prior `$sceDelegate.trustAs` call or anything else.

Returns

*	The `value` that was originally provided to `$sceDelegate.trustAs` if `value` is the result of such a call. Otherwise, returns `value` unchanged.

`getTrusted(type, maybeTrusted);`

Takes the result of a $sceDelegate.trustAs call and returns the originally supplied value if the queried context type is a supertype of the created type. If this condition isn't satisfied, throws an exception.

Disabling auto-escaping is extremely dangerous, it usually creates a Cross Site Scripting (XSS) vulnerability in your application.

Parameters

Param	Type	Details
type	string	The kind of context in which this value is to be used.
maybeTrusted	*	The result of a prior `$sceDelegate.trustAs` call.

Returns

*	The value the was originally provided to `$sceDelegate.trustAs` if valid in this context. Otherwise, throws an exception.