Hi Matt,

Let me try to answer your concerns.

   1. No, I have not.
   2. Only if you don't trust AngularJS.
   3. Yes. While I do not think this is a security issue, it might be an 
   issue that is simple to fix, and not tripping tools like Fortify any more 
   is a plus.

Let me expand a bit on #2. A tool like the one you are using is normally used to 
(dynamically) check scripts you have to include for 3rd-party stuff 
(ads/social stuff mostly). You don't want any of those scripts to 
manipulate things like the history. However, in the way Angular mostly gets 
used, history manipulation might be just what you need. You even want to 
redirect your app to some other location; this is actually quite common.
On the security side of things: basically, if you insert a single 3rd-party 
script, you are screwed. If there is a browser plugin, you are 
screwed. If you have users (you know the ones, with the username/password 
on a sticky, in view!), you are ...
There is no such thing as a secure client-side app. That includes 
web apps, which might be even a tad more insecure. But it also includes 
ALL kinds of other apps. Some suggest that native apps are more secure, but 
that's not true. If you expose a data channel from your server to the 
outside world, you had better secure that rigorously. And that's about what you 
can do.
All the above does not mean you can throw your hands in the air and 
neglect all the security stuff above; you need all of that, otherwise you 
are putting out really low-hanging fruit.

Regards
Sander

