Worried about html/script injection in angular app

3.8k views Asked by At

I am working on an angular app that has a textarea. The contents of this textarea are then used to populate a preview of the entered text. All of this is done on the client. I am worried that someone will be able to inject code into my app e.g.

<html>
    <script>/*Some script here*/</script>
</html

I have pretty much no experience with code injection. Is this a legitimate concern? If anyone needs more information to assess this risk please do not hesitate to ask. Thanks in advance.

1

There are 1 answers

2
michelem On

Use ngSanitize, just inject the module in the app and you are "safe"