
How do I securely use any query parameters that I receive? I have read about DOM sanitizing in Angular 4, but I can't find anything about securely using query parameters in Angular 4.

Example:

https://www.myangularproject.com/?parameter1=value

I want to prevent people from injecting their own code or scripts as the value.

1 Answer


Make sure that the parameter can be securely cast to the type of data that you expect it to be (if you expect a number, make sure `+queryParam` is not NaN, and so on), and never use eval on data from the queryParams. You can rest assured about putting queryParams values inside the DOM, as they are sanitized by Angular before being interpolated into the view. This, I think, should do.


2 Comments

Thanks for the answer. So you are saying that I should escape it myself and that there is no automatic Angular sanitization for query parameters? This wasn't clear in the Angular docs, hence the question.

There is no need to "sanitize" it; just don't use eval on it and make sure to cast it to the expected type (because queryParams always emit strings). So essentially, yes, you do not have much work to do on this one.
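The casting the answer recommends, as an added example that is not part of the question or answer: untrusted query-parameter strings are coerced into the types a component expects before use, with anything that fails the check replaced by a safe default. It runs without Angular; the `ListingParams` shape and the idea of feeding it `this.route.snapshot.queryParamMap` in a component are assumptions for illustration.

```typescript
// Query parameters always arrive as strings, so each field is coerced
// explicitly instead of trusting the raw value.
type RawParams = Record<string, string | undefined>;

interface ListingParams {
  page: number;          // expected: integer >= 1
  sort: 'asc' | 'desc';  // expected: one of a fixed set
  search: string;        // free text, rendered only via {{ }} interpolation
}

// Strict positive-integer parse. "+raw" alone is too lenient: it accepts
// "0x10", "1e3" and " 5 ", so the canonical form must also equal the input.
function toPositiveInt(raw: string | undefined, fallback: number): number {
  if (raw === undefined) return fallback;
  const n = +raw;
  if (Number.isNaN(n) || !Number.isInteger(n) || n < 1 || String(n) !== raw) {
    return fallback;
  }
  return n;
}

// Allow-list check: anything other than the known values becomes the default.
function toSort(raw: string | undefined): 'asc' | 'desc' {
  return raw === 'desc' ? 'desc' : 'asc';
}

function parseListingParams(params: RawParams): ListingParams {
  return {
    page: toPositiveInt(params['page'], 1),
    sort: toSort(params['sort']),
    // Kept as a plain string; bound with {{ search }} or [value]="search"
    // (which Angular escapes), never with [innerHTML] or eval.
    search: (params['search'] ?? '').slice(0, 200),
  };
}

// Constructed sample input standing in for a parsed query string.
const sample: RawParams = { page: '<script>', sort: 'DROP', search: '<b>hi</b>' };
const parsed = parseListingParams(sample); // page 1, sort 'asc', search kept as text
```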
