docs(guide/security) add more info about template generation #15033

petebacondarwin · 2016-08-17T07:04:41Z

We should enumerate the ways the Angular template can be generated.

Reflecting it from the server response is the most popular way, but there are XSS bugs using other compilation sinks in e.g. directives that are not obvious (e.g. $compile(userControlled) and $eval(userControlled).

gkalpak · 2016-09-10T18:46:15Z

Is this covered by #15094 or did you have something different in mind?

petebacondarwin · 2016-09-12T11:41:11Z

Covered. Thanks

petebacondarwin added the type: docs label Aug 17, 2016

petebacondarwin added this to the 1.5.9 milestone Aug 17, 2016

Narretz changed the title ~~docs(guide/security) add more info about template access~~ docs(guide/security) add more info about template generation Aug 17, 2016

petebacondarwin closed this as completed Sep 12, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs(guide/security) add more info about template generation #15033

docs(guide/security) add more info about template generation #15033

petebacondarwin commented Aug 17, 2016

gkalpak commented Sep 10, 2016

petebacondarwin commented Sep 12, 2016

docs(guide/security) add more info about template generation #15033

docs(guide/security) add more info about template generation #15033

Comments

petebacondarwin commented Aug 17, 2016

gkalpak commented Sep 10, 2016

petebacondarwin commented Sep 12, 2016