AngularJS is a JavaScript framework for developing the client side of single page web applications. Use this tag for all versions of the framework.
Questions tagged [angularjs]
41 questions
0
votes
0 answers
Dealing with CVE-2022-2584 in Angular JS
The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS). There aren't many details available around this issue. Since this version of Angular is out of support, I'm looking for the right ways to fix and test…
ScrapCode
- 101
- 1
0
votes
0 answers
JavaScript API calls in Browser security
We want to develop a JavaScript application (with Angular) which will communicate with various other systems via API calls. For example, a checkout page where all entered information should be sent to another application via API. This contains very…
sweetly
- 1
0
votes
0 answers
setAttributeNS XSS Vulnerability
Im fixing some security issues that AppScan found on my Angular Application, one of them is the insecure use of "setAttributeNS()"
I use this method in my application to inject some namespaces in the correct htmlElemnt
I have reader about the…
0
votes
2 answers
Cookie-to-header token CSRF protection
I have the Angular application where CSRF protection is implemented using Cookie-to-header token. It is default AngularJS mechanism to counter CSRF, which uses cookie XSRF-TOKEN and header X-XSRF-TOKEN. Only JavaScript that runs on my domain can…
user187205
- 1,163
- 3
- 15
- 24
0
votes
0 answers
How to evade Angular HTML sanitizer for XSS
I'm trying to evade the HTML sanitizer in a field I found more vulnerable in my application to test some XSS injection.
The field that I'm trying to exploit is a dropdown with the following code. The vulnerable field is this classNameId, which…
davis
- 101
- 2
0
votes
1 answer
Application design to avoid XSS & CSRF attacks
I am learning to design a system where it can be guarded against XSS & CSRF attack. I'll quickly list down my understanding and then raise questions. It's a simple case of fraud that I am trying to avoid. Steps mentioned below are executed by…
Always a newComer
- 121
- 3
0
votes
1 answer
empty angular application has some ad links in the source code
I've started to learn angular and I've just followed some tutorials. I've created my application using the command:
ng new my-first-app
and then I've started it using:
ng serve
After my application started, I've looked in the source code and I've…
Buda Gavril
- 255
- 1
- 2
- 5
0
votes
2 answers
What are the best practices to secure an Angular & Spring web project?
I'm creating WEB project in Angular4 and Spring. This is educational project for my learning.
I want to encrypt some data in Angular and then store it in backend. Idea is to not have any acces to user data in backend - user will be more sure that…
Rysic Rychu
- 1
- 1
- 2
0
votes
2 answers
Is inserting url parameters directly into the page safe in angular 2+?
So the other day at work I noticed this code in one of our web apps:
this.activatedRoute.params.subscribe(params => {
this.a = params['b'];
});
and then in the HTML:
{{a}}
So basically if I navigate to http://example.com/lol the string "lol"…
Tudor
- 309
- 2
- 8
-3
votes
1 answer
Secuirty related certification/training for .NET Developers
I would like to know if there are any Free certifications related to writing secure code that myself and our team of .NET/AngularJS web-developers take up,
So that we can write secure code and also assure our customers that the developers of their…
Guru Kara
- 95
- 3
-4
votes
1 answer
Get MAC address of client using PHP, Angular js, jQuery/JavaScript
ipAddress=$_SERVER['REMOTE_ADDR'];
$macAddr=false;
#run the external command, break output into lines
$arp=`arp -a $ipAddress`;
$lines=explode("\n", $arp);
#look for the output line describing our IP address
foreach($lines as $line)
{
…
akhil
- 1
- 1
- 1