Do I need to explicitly sanitize all inputs, or does Angular already do it for me?
I have a login form - when submitted it sends it's data to the server. Does the data require explicit sanitization, or Angular automatically sanitize all input fields?
Do I need to explicitly sanitize all inputs, or does Angular already do it for me?
I have a login form - when submitted it sends it's data to the server. Does the data require explicit sanitization, or Angular automatically sanitize all input fields?
the data entered gets evaluated for user ? Is it redisplayed somewhere in the application ? Or do you ask if it will be sanitized before being sent to your server ?
– Arnaud Denoyelle
Commented
Apr 10, 2019 at 14:14
I appreciate your questions, it may be useful to others. Under no circumstances should the backed ever trust the front end, no framework, no custom library, nothing. If someone can exploit, inject, or otherwise harass your backed, they will, period. They will do so bypassing any front end framework or library and make direct requests to the endpoint, masquerading as anything necessary to do so.
And as @etarhan said, read this: https://angular.io/guide/security
No. If it's on the frontend then the user can change it in their browser, edit requests inflight and so on. Your sanitisation should be handled in the backend where the user cannot manipulate it.
I would also strongly remend finding a framework for your backend language rather than reinventing the wheel.