In my Angular 6 application, I would like to check if the given route does not contain any miscellaneous cross-site scripting code like adding a javascript URL or anything which can expose critical data to a third party.
Here is the code below where I check whether the URL is safe or not, i.e. whether it contains an iframe or JavaScript injection, but this does not give any flag as to whether it is safe or not.
Let's say the URL is like this:
https://localhost/MyApp/%60%22%22%3E%3Ciframe srcdoc=%22<img src=x:x onerror=alert(document.cookie)>%22%3E%3C/iframe%3E%60
// in app.component.ts
import { SecurityContext } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
import { Router, RoutesRecognized } from '@angular/router';
import { filter, map } from 'rxjs/operators';

// Angular 6 ships RxJS 6, so operators are applied through pipe();
// the type guard keeps the event typed as RoutesRecognized downstream.
this.router.events.pipe(
  filter((event): event is RoutesRecognized => event instanceof RoutesRecognized),
  map((event: RoutesRecognized) => {
    console.log("test", this._sanitizer.sanitize(SecurityContext.URL, event.state.url));
    // here I want to proceed if anything fishy here and will route to 404 page.
  })
).subscribe();
Any idea here on how to prevent such CSRF/XSRF?
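As an added example that is not part of the question or its answer: sanitizing a route in SecurityContext.URL only vets the URL scheme, so a path that embeds HTML comes back unchanged; the helper below instead decodes the route and returns the safe/unsafe flag the question asks for. checkRouteUrl and its patterns are assumptions made for this example, and the router wiring in the trailing comment is hypothetical.

```typescript
export interface RouteCheck {
  safe: boolean;
  reasons: string[];
}

// Patterns a route path should never carry; matched against the percent-decoded
// form because the browser sends '<' as %3C, '"' as %22 and so on. This is a
// denylist for illustration: the robust approach is to match the application's
// own known route shapes and reject everything else.
const MARKUP_TAG = /<\s*\/?\s*[a-z][\w-]*/i;                         // <iframe, <img, </script
const EVENT_HANDLER = /[\s"'`]on[a-z]+\s*=/i;                        // onerror=, onload=
const SCRIPT_SCHEME = /(?:^|[\s"'`=(])(?:javascript|data|vbscript)\s*:/i;

export function checkRouteUrl(url: string): RouteCheck {
  const reasons: string[] = [];
  // Decode repeatedly so a double-encoded payload (%253C -> %3C -> <) is seen
  // in its final form; a malformed escape is itself grounds for rejection.
  let decoded = url;
  for (let i = 0; i < 3; i++) {
    let next: string;
    try {
      next = decodeURIComponent(decoded);
    } catch {
      reasons.push('malformed-encoding');
      break;
    }
    if (next === decoded) break;
    decoded = next;
  }
  if (MARKUP_TAG.test(decoded)) reasons.push('html-tag');
  if (EVENT_HANDLER.test(decoded)) reasons.push('event-handler');
  if (SCRIPT_SCHEME.test(decoded)) reasons.push('script-scheme');
  return { safe: reasons.length === 0, reasons };
}

// Hypothetical wiring inside the question's RoutesRecognized handler:
//   if (!checkRouteUrl(event.state.url).safe) { this.router.navigate(['/404']); }
```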
You can refer to the links below, which might be helpful to you.
Link1 Link2