I am developing a web application using the beta version of Angular2.
My forms include simple text fields and text areas that accept input from the user, and the data is displayed in the application.
These fields are not intended for entering HTML data and returning it in HTML format.
I tried to enter simple javascript code like
<script>alert("XSS");</script>
It appears as without malicious code. :)
I would like to check if the application is vulnerable to XSS attacks.
Does Angular2 provide reorganization of user inputs by default?
source share