Strict Contextual Escaping (SCE) is a security feature in AngularJS that helps protect against cross-site scripting (XSS) attacks. It prevents potentially dangerous content from being injected into web applications by escaping or sanitizing user-generated content. To systematically block XSS security bugs, AngularJS treats all values bound in HTML or sensitive URL contexts as untrusted by default. When binding an untrusted value, AngularJS automatically runs a security check on it (sanitization or a trusted resource URL check, depending on the context), or throws when it cannot guarantee the security of the result.
Disabling SCE removes these protections from your application and is therefore strongly discouraged.
angular.module('myAppWithSceDisabled', []).config(function($sceProvider) {
  $sceProvider.enabled(false); // should not be set to `false`
});

angular.module('myAppWithSceDisabledmyApp', []).config(function($sceProvider) {
  $sceProvider.enabled(true); // or do not set this at all since it is `true` by default
});
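One way to catch the discouraged setting in code review or CI is a text scan for `$sceProvider.enabled(...)` calls with a falsy argument. This is an added example, not part of the original page or of AngularJS; `findSceDisabling`, `blankComments`, the `SAMPLE` source and `window.sceFlag` are constructed for illustration, and the scan is a heuristic that does not follow a provider injected under a different parameter name.

```javascript
// AngularJS stores `!!value`, so any falsy literal passed to enabled() turns SCE off.
const FALSY = new Set(['false', '!1', '0', 'null', 'undefined', "''", '""']);
const TRUTHY = new Set(['true', '!0', '1']);

// Blank out comments (keeping newlines so line numbers stay correct).
// String literals are matched first so that '//' inside a URL string is not
// mistaken for the start of a comment.
function blankComments(src) {
  const re = /("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|`(?:\\.|[^`\\])*`)|\/\*[\s\S]*?\*\/|\/\/[^\n]*/g;
  return src.replace(re, (m, str) => (str !== undefined ? m : m.replace(/[^\n]/g, ' ')));
}

// Returns one finding per call that disables SCE ('disabled') or passes a
// non-literal argument that a reviewer has to resolve by hand ('review').
function findSceDisabling(src) {
  const code = blankComments(src);
  const call = /\$sceProvider\s*\.\s*enabled\s*\(\s*([^)]*?)\s*\)/g;
  const findings = [];
  let m;
  while ((m = call.exec(code)) !== null) {
    const arg = m[1];
    if (arg === '' || TRUTHY.has(arg)) continue; // getter call or explicit enable
    const line = code.slice(0, m.index).split('\n').length;
    findings.push({ line, arg, verdict: FALSY.has(arg) ? 'disabled' : 'review' });
  }
  return findings;
}

// Constructed sample input: the two configurations discussed above plus
// variants a plain search for "enabled(false)" would miss or over-report.
const SAMPLE = [
  "angular.module('myAppWithSceDisabled', []).config(function($sceProvider) {",
  "  $sceProvider.enabled(false);",
  "});",
  "// $sceProvider.enabled(false); left over in a comment",
  "angular.module('myApp', []).config(function($sceProvider) {",
  "  $sceProvider.enabled(true);",
  "  $sceProvider.enabled(!1);",             // minified form of `false`
  "  $sceProvider.enabled(window.sceFlag);", // hypothetical runtime flag
  "});",
].join('\n');

for (const f of findSceDisabling(SAMPLE)) {
  console.log(`line ${f.line}: $sceProvider.enabled(${f.arg}) -> ${f.verdict}`);
}
```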