AngularJS News
#AngularJS Stories for Web Architects, Builders, Ninjas and the like. Also checkout @ReactJS_News and @AngularJobs.
- If you trust a value that can be malicious, you will likely introduce a security vulnerability into your application.
- But binding a potentially attacker controlled value into innerHTML would normally cause an XSS vulnerability.
- Never generate template source code by concatenating user input and templates!
- Using the offline template compiler is an effective way to prevent these vulnerabilities, also known as template injection.
- The offline template compiler prevents a whole class of vulnerabilities called template injection, and also greatly improves application performance.
@angularjs: “Write safer apps thanks to @martin_probst & angular author @_clarkio! New Security Guide:” open tweet »
