Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Building Web Apps with Spring 5 and Angular

You're reading from   Building Web Apps with Spring 5 and Angular Modern end-to-end web application development

Arrow left icon
Product type Paperback
Published in Aug 2017
Publisher Packt
ISBN-13 9781787284661
Length 370 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Ajitesh Kumar Shukla Ajitesh Kumar Shukla
Author Profile Icon Ajitesh Kumar Shukla
Ajitesh Kumar Shukla
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Introduction to Spring Web Framework FREE CHAPTER 2. Preparing the Spring Web Development Environment 3. Data Access Layer with Spring and Hibernate 4. Testing and Running Spring Web App 5. Securing Web App with Spring Security 6. Getting Started with Angular 7. Creating SPA with Angular and Spring 5 8. Unit Testing with Angular Apps 9. Securing an Angular App 10. Integrating Angular App with Spring Web APIs 11. Deploying the Web Application

Securing an app from XSS


As discussed in one of the earlier sections, XSS attacks happen when attackers are able to inject malicious code (JavaScript) into the HTTP request/response or store them in database. Thereby, updating the DOM tree as the malicious code gets executed as part of page getting loaded. Execution of malicious code may result in scenarios such as users' data getting stolen or session being hijacked, and so on. In order to prevent XSS attacks, the key is to prevent attackers from injecting malicious code into the DOM tree. The following is an Angular security model for preventing XSS attacks:

  • By default, Angular sanitizes all data: All values are treated as unsafe by Angular. That essentially means that all values before getting updated to DOM tree are sanitized and escaped appropriately.
  • Avoid dynamic generation of template code: Template code such as HTML, attributes, and binding expressions are considered to be trusted data by Angular. Thus, as a recommended practice,...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime