'DomSanitizer Security Context Explained
Im new in the XSS prevention understanding, Im working in an angular application that has some url with have string values attached and are marked as insecure by AppScan(an external security app scanner)
So as I learned about the XSS and reflected XSS I learned I need to sanitize my inputs before adding them to a url string, in which I can use the method DomSanitizer by angular and after reading the documentation im still wondering witch security context I should use to sanitize mi input also I don't understand them very clearly to be able to determinate with security context use in wichi case
This is a example of one of my url
var origin=`/services/${response.Id}` //respone.Id is a string
window.open(this.sanitizer.sanitize(SecurityContext.URL,origin), '_blank')
window.open(`/services/${response.Id}`,'_blank')//Marked as insecure use of window.open (Cross-site Scripting Reflected)
Is this the security context I should use? what would be the difference in the other security context?
SecurityContext.HTML
SecurityContext.RESOURCE_URL
SecurityContext.STYLE
SecurityContext.SCRIPT
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|