Angular - XSS Injection > Toshal Infotech Pvt. Ltd

Angular - XSS Injection

Posted by Anuja Patel on March 10, 2022 17:43

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Steps of prevention for your Angular application:

Install xss package.

npm install -- save xss

Create a function in new file xss-errors.ts

import { AbstractControl, ValidationErrors } from '@angular/forms';

import xss from 'xss';

export function XssError(control: AbstractControl): ValidationErrors | null {

const value: string = control.value;

if (value === undefined || value === null || value.length === 0) {

return undefined;

}

const strResult = xss(value, {

whiteList: {},

stripIgnoreTag: true,

stripIgnoreTagBody: ['script'],

});

if (strResult.includes('[removed]')) {

return { XssError: true };

}

return undefined;

}

ng add @angular/material
In app.component.html

<br/>

<div class="errorMessage" *ngIf="!!firstName.errors && firstName.errors['required']">Required!</div>

<div class="errorMessage" *ngIf="!!firstName.errors && firstName.errors['XssError']">Invalid name!</div>

<br/>

</form>

In app.component.ts

import { Component, OnInit } from '@angular/core';

import { FormControl, FormGroup, Validators } from '@angular/forms';

import { XssError } from './xss-errors';

@Component({

selector: 'app-root',

templateUrl: './app.component.html',

styleUrls: ['./app.component.scss'],

})

export class AppComponent implements OnInit {

title = 'angular-xss';

formGroup: FormGroup;

ngOnInit(): void {

this.formGroup = new FormGroup({

firstName: new FormControl('Anuja', [Validators.required, XssError]),

});

}

save(): void {

if (this.formGroup.invalid) {

return;

}

get firstName() { return this.formGroup.get('firstName'); }

}

In app.component.scss

.form {

padding: 20px;

}

.errorMessage {

color: red;

font-weight: 700;

padding: 2px;

}

.input {

padding: 10px;

}

.button {

border-radius: 5px;

border: 1px solid white;

background-color: pink;

padding: 15px;

cursor: pointer;

}

Output:

Words from our clients

"Toshal Infotech helped me launch my MVP in 4 weeks. Got my first paying customers before writing a line of backend code. Total game changer."

— Ankit Shah, SaaS Founder
"Toshal Infotech turned my idea into a working MVP in just 30 days. Their AI-powered solutions helped us validate the market fast and scale confidently. Truly impressive execution."

— Priya Mehta, Startup Co-Founder
"Partnering with Toshal Infotech was the smartest move we made. Our MVP went live in under a month, and we started getting real user feedback instantly. Phenomenal team, top-notch delivery."

— James Müller, SaaS Founder
"I couldn't believe how quickly we went from concept to product. In 4 weeks, we had a live MVP, a clean UI, and customer signups rolling in. Toshal Infotech knows startups."

— Rahul Verma, Tech Entrepreneur
"Launching a market-ready MVP in 30 days sounded too good to be true—until Toshal Infotech made it happen. No fluff, just results. Highly recommend for early-stage founders."

— Sarah Thompson, Product Strategist

Tell Us About Your Project

contact me

We’ve done lot’s of work, Let’s Check some from here

View All Projects

Do You Have Any Project?

We are ready to take your project to the next level. Don’t hesitate to contact us. Our awesome and creative team will bring you the best solution.

Send Project Details

Toshal Infotech

Our company has been developing high-quality and reliable software for corporate needs since 2008. We are renowned professionals of software development.