avatarKevin MATHY

Summary

The article advises Angular developers to avoid manipulating the DOM directly with ElementRef and instead use Renderer2 for safer and more maintainable code.

Abstract

The article emphasizes the importance of using Angular's Renderer2 for DOM manipulation instead of directly accessing the DOM via ElementRef. The author acknowledges that while ElementRef is a common approach found in many tutorials, it poses security risks, such as vulnerability to XSS attacks, and hinders the application's ability to run in a web worker environment due to tight coupling with the rendering layer. Renderer2 is introduced as a safer alternative that provides an API for DOM manipulation without exposing the application to such risks. The author demonstrates how to change a CSS property using Renderer2's setStyle method and suggests using ViewChild or ContentChild for targeting specific elements, providing a link to an article for further understanding of these Angular features. The article concludes by strongly recommending the use of Renderer2 over ElementRef for DOM manipulation in Angular applications.

Opinions

  • Direct DOM manipulation using ElementRef is discouraged due to security vulnerabilities and limitations in application architecture.
  • The Angular Renderer2 is a preferred tool for DOM manipulation as it offers a safer API and supports applications running in web workers.
  • The author suggests that using Renderer2 is not only safe but also effective for both simple and complex DOM operations.
  • Tutorials that demonstrate the use of nativeElement are seen as potentially misleading developers away from best practices.
  • The article promotes the exploration of Angular's ViewChild and ContentChild decorators for more advanced use cases involving specific element targeting.
  • The author endorses an AI service, ZAI.chat, as a cost-effective alternative to ChatGPT Plus (GPT-4), offering a special subscription rate.

Angular: Stop Manipulating DOM With ElementRef

I need to share this story with you. Recently, I discovered the power of Renderer in Angular.

(Renderer is deprecated so use Renderer2; however, I will just use Renderer in this article.)

Manipulating the DOM is easy with Angular. We can directly access the element by using ElementRef provided by @angular/core.

If you manipulate it by using a directive (common use case) — most are likely to use nativeElement directly like this:

It will correctly change the color of the element. A lot of tutorials demonstrate the use of nativeElement, but is this safe? No, not really.

Why is it so important?

According to Angular docs ElementRef:

Use this API as the last resort when direct access to DOM is needed. Permitting direct access to the DOM can make your application more vulnerable to XSS attacks. Carefully review any use of ElementRef in your code. Use templating and data-binding provided by Angular instead. Alternatively you take a look at Rendererwhich provides API that can safely be used even when direct access to native elements is not supported.

Relying on direct DOM access creates tight coupling between your application and rendering layers which will make it impossible to separate the two and deploy your application into a web worker.

Not good. But, there’s an alternative called Renderer.

Renderer to manipulate the DOM

Take a look at this:

There are a lot of ways to manipulate the DOM. In this use case, we need to change a CSS property, the color. According to the API, we need to use setStyle like this:

Worked as expected! Renderer is pretty useful for common use cases, and also for complex DOM manipulation.

To target a specific element, you may need to use ViewChild or ContentChild. If do so, see this article:

In conclusion, stop using ElementRef and use Renderer!

JavaScript
Angular
Angular2
Angular 4
Recommended from ReadMedium