fix[angular-gen2]: embed and custom code block and text block angular sanitizing html warning

[sidmohanty11]

Description

Uses https://angular.dev/api/platform-browser/DomSanitizer to mark text as safe html to use inside innerHTML. As text is already sanitized from the HTML editor we should be able to bypass it safely. This only shows up in the dev server and we don't receive these warnings in a prod build.

Fixes Embed and Custom Code block wrapping them inside sanitizer.bypassSecurityTrustHtml so that they allow embedding of iframe

Fixes #3793

Jira
https://builder-io.atlassian.net/browse/ENG-7950
https://builder-io.atlassian.net/browse/ENG-7901

Screenshot
Before


After

[changeset-bot]

🦋 Changeset detected

Latest commit: 076db35

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@builder.io/sdk-angular	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 076db35.

Command	Status	Duration	Result
nx test @e2e/sveltekit	✅ Succeeded	7m 30s	View ↗
nx test @e2e/qwik-city	✅ Succeeded	7m 22s	View ↗
nx test @e2e/nextjs-sdk-next-app	✅ Succeeded	7m 34s	View ↗
nx test @e2e/nuxt	✅ Succeeded	7m 3s	View ↗
nx test @e2e/react-sdk-next-pages	✅ Succeeded	6m 7s	View ↗
nx test @e2e/gen1-remix	✅ Succeeded	6m 19s	View ↗
nx test @e2e/react-native	✅ Succeeded	5m 22s	View ↗
nx test @e2e/gen1-next15-app	✅ Succeeded	4m 53s	View ↗
Additional runs (34)	✅ Succeeded	...	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-01-15 05:37:01 UTC

[samijaber]

Have these angular tests been failing sporadically before this PR?

[sidmohanty11]

@samijaber no these are related to changes I've made here. Turns out the text component is triggering ngAfterViewChecked if the parent dom element has a mouseenter event listener calling the getter frequently when we hover and sanitizer.bypassSecurityTrustHtml(processedText) is creating a new object everytime its called resulting in non-interactivity. This I think should be fixed from #3812 because it removes the getter and the text will only update when its updated from the block itself

[sidmohanty11]

@samijaber this was needed for Embed and Custom Code block as well so I extended this PR to fix them too

[samijaber]

long-term I think this should be baked into mitosis: the angular generator should always use sanitizer.bypassSecurityTrustHtml for innerHTML (maybe with a flag to force-disable the sanitizer if needed)

[sidmohanty11]

great idea, i've created a ticket for it

[samijaber]

We now pass json as the 2nd arg for cost plugins: https://github.com/BuilderIO/mitosis/blob/f3fabea5d912662e5e6454fd0f9088cb98c72f65/packages/core/src/modules/plugins.ts#L44-L84

This lets you do cleaner checks, like ['Text', 'Embed', 'CustomCode'].includes(json.name)

[sidmohanty11]

done!

[samijaber]

long-term I think this should be baked into mitosis: the angular generator should always use sanitizer.bypassSecurityTrustHtml for innerHTML (maybe with a flag to force-disable the sanitizer if needed)