Best practices
The following are some of the best practices recommended by Angular in order to enhance web security:
- Use the most up-to-date Angular libraries in the app. Attackers do exploit the security vulnerabilities present in previous versions. This is in line with one of the OWASP top 10 security vulnerabilities such as "Using Components with Known Vulnerabilities".
- Avoid modifying the copy of Angular libraries. Doing so would lead to one getting stuck with that particular version of Angular, thus preventing one to update the Angular to latest version.
- Use
DomSanitizer
APIs such asbypassSecurityTrust
methods with utmost care. - Avoid making use of Angular APIs which are marked as Security Risk in the documentation.