Does Angular prevent HTTP-level vulnerabilities?

Posted by Jessica Taylor | Updated on

Angular has built-in support for preventing HTTP-level vulnerabilities such as cross-site request forgery (CSRF or XSRF) and cross-site script inclusion (XSSI). Although these vulnerabilities must be mitigated on the server side, Angular provides helpers that make the integration easier on the client side.

  1. HttpClient supports a token mechanism used to prevent XSRF attacks.
  2. HttpClient recognizes the convention of prefixed JSON responses (the server makes the JSON non-executable as JavaScript by prefixing it with the characters ")]}',\n") and automatically strips the string ")]}',\n" from all responses before further parsing.
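
The server's side of both conventions, with the client-side prefix strip for comparison, as an added example that is not from the original page or from Angular's source. The cookie name `XSRF-TOKEN` and header `X-XSRF-TOKEN` are Angular's documented defaults; every function name and the sample requests are constructed for illustration.

```typescript
// Added example: names below are this example's own, not Angular APIs.
const XSSI_PREFIX = ")]}',\n";        // prefix from the convention above
const XSRF_COOKIE = "XSRF-TOKEN";     // Angular's default cookie name
const XSRF_HEADER = "x-xsrf-token";   // Angular's default header, lower-cased

// Server: emit JSON that is a syntax error if loaded via <script src=...>.
function protectJson(value: unknown): string {
  return XSSI_PREFIX + JSON.stringify(value);
}

// Client: strip the prefix when present, then parse (what HttpClient does for you).
function parseProtectedJson(body: string): unknown {
  const json = body.indexOf(XSSI_PREFIX) === 0 ? body.slice(XSSI_PREFIX.length) : body;
  return JSON.parse(json);
}

// Read one cookie from a Cookie header; token assumed URL-safe (e.g. hex).
function readCookie(cookieHeader: string, name: string): string | null {
  for (const part of cookieHeader.split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Compare without returning early on the first differing character.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server: state-changing requests must echo the cookie token in the header.
function xsrfCheck(method: string, headers: Record<string, string>): boolean {
  if (["GET", "HEAD", "OPTIONS"].indexOf(method.toUpperCase()) !== -1) return true;
  const cookie = readCookie(headers["cookie"] || "", XSRF_COOKIE);
  const header = headers[XSRF_HEADER] || "";
  return cookie !== null && cookie.length > 0 && constantTimeEqual(cookie, header);
}

// Constructed sample requests (header names lower-cased, as Node delivers them).
const sameSite = { cookie: "sid=abc; XSRF-TOKEN=3f9a1c", "x-xsrf-token": "3f9a1c" };
const forged = { cookie: "sid=abc; XSRF-TOKEN=3f9a1c" }; // cookie sent, header absent
console.log(xsrfCheck("POST", sameSite), xsrfCheck("POST", forged)); // true false
```

The forged request fails because a page on another origin cannot read the cookie to copy its value into the header, even though the browser attaches the cookie itself.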
