Angular - XSS Injection > Toshal Infotech Pvt. Ltd

Toshal Infotech

10
Mar 2022
Angular - XSS Injection

Posted by Anuja Patel on March 10, 2022 17:43
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Steps of prevention for your Angular application:
1. Install xss package.
npm install -- save xss
1. Create a function in new file xss-errors.ts
import { AbstractControl, ValidationErrors } from '@angular/forms';

import xss from 'xss';

export function XssError(control: AbstractControl): ValidationErrors | null {

  const value: string = control.value;

  if (value === undefined || value === null || value.length === 0) {

    return undefined;

  }

  const strResult = xss(value, {

    whiteList: {},

    stripIgnoreTag: true,

    stripIgnoreTagBody: ['script'],

  });

  if (strResult.includes('[removed]')) {

    return { XssError: true };

  }

  return undefined;

}
1. ng add @angular/material
2. In app.component.html
<form class="form" [formGroup]="formGroup">

  <h2>XSS Demo</h2>

  <input class="input" formControlName="firstName" />

  <br/>

  <div class="errorMessage" *ngIf="!!firstName.errors && firstName.errors['required']">Required!</div>

  <div class="errorMessage" *ngIf="!!firstName.errors && firstName.errors['XssError']">Invalid name!</div>

  <br/>

  <a class="button" (click)="save()">Save</a>

</form>
1. In app.component.ts
import { Component, OnInit } from '@angular/core';

import { FormControl, FormGroup, Validators } from '@angular/forms';

import { XssError } from './xss-errors';

@Component({

  selector: 'app-root',

  templateUrl: './app.component.html',

  styleUrls: ['./app.component.scss'],

})

export class AppComponent implements OnInit {

  title = 'angular-xss';

  formGroup: FormGroup;

  ngOnInit(): void {

    this.formGroup = new FormGroup({

      firstName: new FormControl('Anuja', [Validators.required, XssError]),

    });

  }

  save(): void {

    if (this.formGroup.invalid) {

      return;

    }

  }

  get firstName() { return this.formGroup.get('firstName'); }

}
1. In app.component.scss
.form {

  padding: 20px;

}

.errorMessage {

  color: red;

  font-weight: 700;

  padding: 2px;

}

.input {

  padding: 10px;

}

.button {

  border-radius: 5px;

  border: 1px solid white;

  background-color: pink;

  padding: 15px;

  cursor: pointer;

}

Output:

0 Years in
Operation

0 Loyal
Clients

0 Successful
Projects

Words from our clients

Toshal is an incredible team to work with. I'm always able to trust their technical proficiency in any project I give them, but where they stand apart is how collaborative and hardworking they are. Anytime we work together, I'm always 100% confident the work will be completed on time and as expected. I love working with Toshal!
Eric Seidel (Atlanta, GA, USA)
We are pleased to recommend our longtime partner, Toshal Infotech Pvt. Ltd. For over a decade, we relied on Ashish’s team at Toshal to provide us with timely development services and expert advice in a range of web technologies and assist us with occasional graphics and design assignments. We look forward to working with this group for many more years.
Bo Simmons (Atlanta, GA, USA)
Toshal Infotech Pvt. Ltd. has been a trusted web development partner for our company for nearly a decade. They are responsive, effective, and so wonderful to work with. We are lucky to have found such a great partnership.
Kristen Everett (Atlanta, GA, USA)
Always a pleasure to work with Toshal Infotech Pvt. Ltd. Great work, fast delivery, pleasant and polite seller. Definitely recommended.
Very helpful seller. Works well and delivers good work. Very happy with everything. Would recommend and will use again.
As always, a pleasure working with you - I can't believe how quick you did this update for me.thank you so much. looking forward to working with you on many more projects to come :)
FANTASTIC service - I'm amazed at how fast they managed to turn this modification to my app around. the level of service and communication was flawless, absolutely brilliant. they are not only good and incredibly skilled at what they do, they are also friendly and have GREAT communication skills. I will definitely be using you again :) thank you
seller is very good and delivered in time..worth buying..
Very happy to work again with them. They are always proactive in solving everything and the communication is great too.
We needed an android app on a deadline. They exceeded our expectations in every way, communication was great, and they worked in a very responsible way. Will definitely work with them again.

Tell Us About Your Project

contact me

We’ve done lot’s of work, Let’s Check some from here

View All Projects

Do You Have Any Project?

We are ready to take your project to the next level. Don’t hesitate to contact us. Our awesome and creative team will bring you the best solution.

Send Project Details

Our company has been developing high-quality and reliable software for corporate needs since 2008. We are renowned professionals of software development.

Angular - XSS Injection

By Author

By Year

Words from our clients

Tell Us About Your Project

We’ve done lot’s of work, Let’s Check some from here

Do You Have Any Project?

We are ready to take your project to the next level. Don’t hesitate to contact us. Our awesome and creative team will bring you the best solution.

Menu

What We Offer

Our contacts

Surat

Pune