
- If you trust a value that can be malicious, you will likely introduce a security vulnerability into your application.
- Injecting template code into an Angular application is the same as injecting executable code into the application; it gives the attacker full control over the application.
- Binding a potentially attacker-controlled value into innerHTML would normally cause an XSS vulnerability.
- Never generate template source code by concatenating user input and templates!
- Using the offline template compiler is an effective way to prevent this class of vulnerability, known as template injection.

@angularjs: “Write safer apps thanks to @martin_probst & angular author @_clarkio! New Security Guide:”