Sunday, October 29, 2017

I saw Brian Clark speak on Angular security at the AngularMix.

Alright, I have some good news. Angular is basically already secure as it is. It should be resistant to malicious input and XSS attacks. Input handling breaks down into three categories: validation (is an email an email?), sanitizing (take user data and rip out the bad stuff, such as a script tag), and escaping (encoding potentially bad data in lieu of ripping it out). Create a CSP (Content Security Policy) for your app; helmet was recommended to help with that.
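The three input-handling categories applied to one constructed input, plus a CSP header value, as an added example that is not from the talk or this post. The function names and the policy are assumptions, `stripScripts` is a deliberately narrow stand-in for a real sanitizer, and the header is built by hand (rather than with helmet) so the block runs without dependencies.

```javascript
// Added illustration; all function names and the policy are assumptions.

// Validation: accept or reject. The value itself is never modified.
function isEmail(value) {
  return /^[^\s@<>"']+@[^\s@<>"']+\.[^\s@<>"']+$/.test(value);
}

// Escaping: keep every character, but encode the ones HTML reads as markup.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Sanitizing: remove the dangerous part and keep the rest. Narrow on purpose:
// only <script> elements are removed. Repeats until stable so that fragments
// left around a removed element cannot join up into a new <script> tag.
function stripScripts(value) {
  let out = String(value);
  let prev;
  do {
    prev = out;
    out = out.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
  } while (out !== prev);
  return out;
}

// CSP: build the Content-Security-Policy header value from a directive map,
// rejecting names or sources that could smuggle in an extra directive.
function buildCsp(directives) {
  return Object.entries(directives).map(([name, sources]) => {
    if (!/^[a-z-]+$/.test(name)) throw new Error(`bad directive: ${name}`);
    for (const src of sources) {
      if (/[;,\s]/.test(src)) throw new Error(`bad source: ${src}`);
    }
    return `${name} ${sources.join(' ')}`;
  }).join('; ');
}

// Constructed sample input: a script element glued onto an email address.
const sample = '<script>alert(1)</script>bob@example.com';
const policy = buildCsp({
  'default-src': ["'self'"], 'script-src': ["'self'"], 'object-src': ["'none'"],
});

console.log(isEmail(sample));      // validation rejects the value outright
console.log(escapeHtml(sample));   // markup survives only as inert text
console.log(stripScripts(sample)); // the script element is removed
console.log(policy);
```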
