I am working on an angular app that has a textarea. The contents of this textarea are then used to populate a preview of the entered text. All of this is done on the client. I am worried that someone will be able to inject code into my app e.g.
<html>
<script>/*Some script here*/</script>
</html
I have pretty much no experience with code injection. Is this a legitimate concern? If anyone needs more information to assess this risk please do not hesitate to ask. Thanks in advance.
Use ngSanitize, just inject the module in the app and you are "safe"