2

I have been trying to study XSS on AngularJS and found that ng-bind and ng-bind-html prevent XSS against arbitrary user input which has already been encoded by html-encode on the server side. How exactly does this work? Is there any way to bypass this so that XSS could be executed?

1 Answer

0

ng-bind-html uses $sce.getTrustedHtml to sanitise the passed HTML.

vivex
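A simplified model of the decision `$sce.getTrustedHtml` makes for ng-bind-html, next to what ng-bind does, added here as an illustration and not taken from the answer or from AngularJS's source. `TrustedHtml`, `makeSce`, `escapeAll`, `ngBind` and `demo` are names invented for this sketch, and `escapeAll` is a stricter stand-in for ngSanitize's `$sanitize`.

```javascript
// Model only: mirrors the branches of $sce.getTrustedHtml, not AngularJS code.
class TrustedHtml {
  constructor(value) { this.value = value; }
}

// Stand-in for $sanitize (assumption): escapes every metacharacter instead of
// parsing against an allowlist, so it is stricter than the real service.
function escapeAll(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// The sanitizer is optional, as $sanitize only exists when ngSanitize is loaded.
function makeSce(sanitizer) {
  return {
    trustAsHtml(value) { return new TrustedHtml(value); },
    getTrustedHtml(maybeTrusted) {
      if (maybeTrusted === null || maybeTrusted === undefined || maybeTrusted === '') {
        return maybeTrusted;
      }
      // A value wrapped by trustAsHtml is returned unfiltered.
      if (maybeTrusted instanceof TrustedHtml) return maybeTrusted.value;
      // A plain string is sanitized when a sanitizer is available...
      if (typeof sanitizer === 'function') return sanitizer(maybeTrusted);
      // ...and rejected outright when it is not.
      throw new Error('unsafe value used in a safe context');
    },
  };
}

// ng-bind never reaches $sce: the value is assigned as text, so markup stays inert.
function ngBind(node, value) {
  node.textContent = value == null ? '' : String(value);
  return node;
}

// Constructed sample input.
const sample = '<b>hi</b><img src=x onerror=alert(1)>';

function demo() {
  const sce = makeSce(escapeAll);
  let bare;
  try { bare = makeSce(undefined).getTrustedHtml(sample); } catch (e) { bare = 'threw: ' + e.message; }
  return {
    bound: ngBind({}, sample).textContent,                        // text, never parsed as HTML
    sanitized: sce.getTrustedHtml(sample),                        // plain string, sanitizer runs
    noSanitizer: bare,                                            // plain string, no sanitizer
    explicitlyTrusted: sce.getTrustedHtml(sce.trustAsHtml(sample)), // sanitizer skipped
  };
}
console.log(demo());
```

The last case is the one to look for in code review: any user-controlled value passed through `$sce.trustAsHtml` reaches the DOM without sanitization.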