angular-security-XSS

Demo for how Angular automatically applies XSS defenses

import { Component } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser'

@Component({
  selector: 'app-root',
  template: `
    <h3>Angular automatically applies XSS defenses</h3>
    
    <input #i (input)="null"/>
    <br />
    {{i.value}}
    
    {{hack}}
        
    <div [innerHTML]="hack"></div>
    <a [href]="hackURL">untrusted URL</a>

    <!--div-- [innerHTML]="sanitizer.bypassSecurityTrustHtml(hack)"></!--div-->
  `,
})
export class AppComponent {
  hack = `<img src="a.png" onerror="alert(1)"/>`
  hackURL = `javascript:alert(1)`

  constructor(private sanitizer: DomSanitizer) { }
}

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
app.component.ts		app.component.ts
app.module.ts		app.module.ts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

app.component.ts

app.component.ts

app.module.ts

app.module.ts

Repository files navigation

angular-security-XSS

About

Releases

Packages

Contributors 2

Languages

asaadsaad/angular-security-XSS

Folders and files

Latest commit

History

Repository files navigation

angular-security-XSS

About

Topics

Resources

Stars

Watchers

Forks

Languages