Defending against cross-site scripting does not cover application-level security; for that, an application still needs to implement authentication and authorization.
As you know -
1. Authentication - Who is this user?
2. Authorization - What can this user do?
Best Practices for Application-Level Security -
1. Keep the Angular library up to date. The Angular team regularly releases fixes for security issues and defects in the latest versions.
2. Don't apply custom hacks to the Angular library. They make it difficult to update to the latest release.
3. Avoid marking values as trusted ("safe") values.
4. Guard against HTTP-level vulnerabilities.
5. Prevent cross-site request forgery (CSRF) attacks.
6. Prevent cross-site script inclusion (XSSI).
7. Use a Content Security Policy (CSP).
8. Avoid direct use of the DOM APIs.
9. Use the offline template compiler.
10. Apply server-side XSS protection as well.
Angular Sanitization and Security Contexts -
1. HTML is used when a value is interpreted as HTML (for example, when binding to innerHTML).
2. Style is used when binding CSS into the style property.
3. URL is used for URL properties such as <a href="">.
4. Resource URL is a URL that will be loaded and executed as code, such as <script src="">.
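To make the four contexts concrete, here is an added TypeScript example (not Angular's own DomSanitizer code, and not from the original post) that models how a per-context sanitizer behaves: untrusted HTML, style and URL values are cleaned, an untrusted value in a resource URL context is rejected outright, and a value explicitly marked as trusted skips sanitization entirely, which is why best practice 3 above warns against trusting values lightly. The SecurityContext enum, the TrustedValue class and the regular expressions are simplified stand-ins written for this illustration; a real sanitizer parses the DOM instead of using regexes, and the sample inputs are constructed.

```typescript
// Added example: a small stand-in for Angular's per-context sanitization.
// It is NOT Angular's DomSanitizer; it mirrors the four security contexts
// from the post (HTML, STYLE, URL, RESOURCE_URL) so the behaviour can be
// observed offline on constructed input.

enum SecurityContext { NONE, HTML, STYLE, URL, RESOURCE_URL }

// A value the developer has explicitly declared safe for one context
// (the analogue of bypassSecurityTrust*). Sanitization is skipped for it,
// so whoever creates one carries the burden of proving it is safe.
class TrustedValue {
  constructor(public readonly context: SecurityContext, public readonly value: string) {}
}

// Allow-list of URL schemes, or a relative URL; anything else is neutralised.
const SAFE_URL_RE = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/i;

function sanitizeUrl(url: string): string {
  return SAFE_URL_RE.test(url.trim()) ? url : 'unsafe:' + url;
}

// Crude HTML cleaning for illustration: drop <script> elements, drop on*
// event-handler attributes, and run href/src attribute values through sanitizeUrl.
function sanitizeHtml(html: string): string {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    .replace(/\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, '')
    .replace(/\b(href|src)\s*=\s*"([^"]*)"/gi,
      (_m: string, attr: string, val: string) => `${attr}="${sanitizeUrl(val)}"`);
}

// Reject style values that could execute code or load an unsafe URL.
function sanitizeStyle(style: string): string {
  return /expression\(|javascript:/i.test(style) ? 'unsafe' : style;
}

// Dispatch on the binding's security context, exactly like the post's list:
// a trusted value is accepted only in the context it was created for,
// an untrusted value is sanitized, and an untrusted resource URL is refused.
function sanitize(context: SecurityContext, value: string | TrustedValue): string {
  if (value instanceof TrustedValue) {
    if (value.context !== context) {
      throw new Error(`Trusted value for context ${SecurityContext[value.context]} used in ${SecurityContext[context]}`);
    }
    return value.value;
  }
  switch (context) {
    case SecurityContext.NONE:  return value;
    case SecurityContext.HTML:  return sanitizeHtml(value);
    case SecurityContext.STYLE: return sanitizeStyle(value);
    case SecurityContext.URL:   return sanitizeUrl(value);
    case SecurityContext.RESOURCE_URL:
      // No sanitizer can make arbitrary code safe, so only trusted values pass.
      throw new Error('unsafe value used in a resource URL context (only trusted values are allowed)');
  }
}

// Constructed sample bindings, as a template might produce them.
const samples: Array<[SecurityContext, string | TrustedValue]> = [
  [SecurityContext.URL, 'javascript:alert(1)'],
  [SecurityContext.HTML, '<b>hi</b><script>alert(1)</script><a onclick="x" href="javascript:alert(1)">l</a>'],
  [SecurityContext.RESOURCE_URL, 'https://cdn.example/lib.js'],
  [SecurityContext.RESOURCE_URL, new TrustedValue(SecurityContext.RESOURCE_URL, 'https://cdn.example/lib.js')],
];
for (const [ctx, v] of samples) {
  try {
    console.log(SecurityContext[ctx], '->', sanitize(ctx, v));
  } catch (e) {
    console.log(SecurityContext[ctx], '-> REJECTED:', (e as Error).message);
  }
}
```

Note how the resource URL case differs from the other three: there is no "clean" output, only accept-if-trusted or refuse, so a TrustedValue is the one way to load a script from a bound URL, and that trust should be established from a constant or server-verified allow-list, never from user input.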
I hope you are enjoying this post! Please share it with your friends!! Thank you!!!