Hi Arnoud, I don't think there is a way around this little dance, without exposing yourself to even bigger XSS concerns. The angular sanitizer does a reasonably good job, but don't expect it to be flawless. Quill does some work to prevent this too, but again.. trusting user input is dangerous no matter what. Have a look at this <https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet>. (Go read, I'll still be here when you return.) ...
(Ah, there you are again, welcome back). Feeling slightly depressed now? Worst part yet has to come: The chance that that list is complete is about 0(ZERO!)% New attack vectors are found often. At least you need to inspect your new data on your server too. But not all is lost, here are some things <https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet> you can do. Regards Sander -- You received this message because you are subscribed to the Google Groups "Angular and AngularJS discussion" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
