Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Angular 2+ Sanitize Form Input for XSS attacks

Tags:

angular

xss

angular2-forms

sanitization

I am developing a web application using Angular2 Beta.

My forms include simple Text fields and Text areas which accept input from the user and the data is displayed back in the application.

These fields are not meant to take any HTML input and render them back in HTML format.

I tried entering simple javascript code like

<script>alert("XSS");</script>

It is displayed as it is without running the malicious code. :)

I would like to check if my application is vulnerable to XSS attacks.

Does Angular 2+ sanitize the user inputs by default?

like image 684
Bhargav Avatar asked May 16 '16 12:05

Bhargav

1 Answers

Yes it does! Angular2 provides a built-in, enabled by default, anti XSS protection named DomSanitizationService.

like image 73
Daniel Gartmann Avatar answered Oct 20 '22 12:10

Daniel Gartmann
Sign in to Comment

Related questions

control.setParent is not a function when dymanically creating formGroup
How to add custom CSS files globally for angular 6 project
Angular & NGRX prevent selector from emitting identical value on state change when values are equal
Why code indentation or prettify added semicolon in WebStorm?
Hide column Mat-Table Angular
cdkDragHandle in angular material mat-table has no effect
Google login in Angular 7 with .NET Core API
Angular TypeError: "provider.ngAfterViewInit is not a function at callProviderLifecycles"
Angular OnPush: how do I force changes to be detected from outside?
@ngrx/reducer: createReducer(), and on() are not being type-safe?
Angular 9 Locale data for 'en-US' cannot be found. No locale data will be included for this locale
When should I create a new Subscription for a specific side effect?
Unknown error: Error: No valid exports main found for 'C:\Users\UTKARSH SRIVASTAVA\AppData\Roaming\npm\node_modules\@angular\cli\node_modules\uuid'
How to do a simple text input bind in Angular 2?
Assign the output of a pipe in angular2 to a variable
how do I fire onload events for elements within component html in angular2
Angular2 + Scala Play2?
Get a reference to a component of current route in Angular 2's router?
Angular 2 Base Class Output EventEmitter doesn't get raised or handled
How to import non-core npm modules in Angular 2 e.g. (to use an encryption library)?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!