Martijn van den Bergh

Reputation: 1554

Angular 4 Sanitizing/escaping query parameters

How do I securely use any query parameters that I receive? I have read about DOM sanitizing in Angular 4, but I can't find anything about securely using query parameters in Angular 4.

Example:

https://www.myangularproject.com/?parameter1=value

I want to prevent people from injecting their own code or scripts as the value.

Upvotes: 2

Views: 2063

Answers (1)

Armen Vardanyan

Reputation: 3315

Make sure that the parameter can be securely cast to the type of data that you expect it to be (if you expect a number, make sure `+queryParam` is not NaN, and so on), and never use eval on data from the queryParams. You can rest assured about putting queryParams values inside the DOM, as they are sanitized by Angular before being interpolated into the view. This, I think, should do.

Upvotes: 1
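The type-checking advice in the answer above, as an added example that is not part of the question or the answer: plain TypeScript validators for query-parameter values, written so they run without Angular (in a component you would feed them values read through `ActivatedRoute`, for example `this.route.snapshot.queryParamMap.get('page')`). One caveat it handles: `+value` alone is not a sufficient integer check, because `+''` is `0` and `+'1e3'` is `1000`, neither of which is NaN, so the integer validator pairs the numeric cast with a strict pattern and a range. The `page`, `sort` and `returnTo` parameter names and the sample query string are constructed for the example.

```typescript
// Added example (not from the question or answer): validate query-parameter
// values before using them anywhere other than text interpolation.
// Parameter names and the sample query string below are constructed.

export type ParamResult<T> =
  | { ok: true; value: T }
  | { ok: false; reason: string };

/** Integer parameter: reject missing, NaN, exponent/hex forms, floats and out-of-range values. */
export function parseIntParam(raw: string | null, min: number, max: number): ParamResult<number> {
  if (raw === null || raw === '') return { ok: false, reason: 'missing' };
  // +raw alone would accept '' (0), '1e3' (1000) and '0x10' (16); require plain digits.
  if (!/^-?\d{1,15}$/.test(raw)) return { ok: false, reason: 'not an integer' };
  const n = +raw;
  if (Number.isNaN(n) || n < min || n > max) return { ok: false, reason: 'out of range' };
  return { ok: true, value: n };
}

/** String parameter restricted to a fixed allow-list (e.g. a sort column or mode). */
export function parseEnumParam<T extends string>(raw: string | null, allowed: readonly T[]): ParamResult<T> {
  if (raw === null) return { ok: false, reason: 'missing' };
  const hit = allowed.find((a) => a === raw);
  return hit === undefined ? { ok: false, reason: 'not in allow-list' } : { ok: true, value: hit };
}

/**
 * Redirect-target parameter: accept only an in-app relative path. Absolute URLs,
 * protocol-relative '//host' and any scheme (including 'javascript:') are rejected,
 * so the value can safely be handed to the router instead of window.location.
 */
export function parseReturnPath(raw: string | null): ParamResult<string> {
  if (raw === null) return { ok: false, reason: 'missing' };
  if (!raw.startsWith('/') || raw.startsWith('//') || /^[\/]*[a-z][a-z0-9+.-]*:/i.test(raw) || /[\s\\]/.test(raw)) {
    return { ok: false, reason: 'not a relative in-app path' };
  }
  return { ok: true, value: raw };
}

export const SORT_COLUMNS = ['name', 'date'] as const;

/** Parse a whole query string into a typed, validated view model. */
export function parseListingQuery(queryString: string) {
  const params = new URLSearchParams(queryString);
  return {
    page: parseIntParam(params.get('page'), 1, 10_000),
    sort: parseEnumParam(params.get('sort'), SORT_COLUMNS),
    returnTo: parseReturnPath(params.get('returnTo')),
  };
}

// Constructed sample: one well-formed and two malformed values.
export const SAMPLE_QUERY = '?page=1e3&sort=name&returnTo=javascript:alert(1)';
```

Each validator returns a tagged result rather than throwing, so a component can fall back to a default (first page, default sort, home route) without leaking the rejected raw value into an error message or the DOM.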
