Improve input sanitization of URL attributes #2573
Labels
scope:webapp
Changes to all the webapps.
type:task
Issues that are a change to the project that is neither a feature nor a bug fix.
This issue was imported from JIRA:
Currently, the information in the URL is treated as safe. This is not best practice.
Acceptance Criteria (Required on creation):
Hints (Optional):
Options:
- Patch the routeProvider and locationProvider to escape dangerous strings on access
  Pro: all access using angular services covered
  Con: access over window.location not covered, patching angular internals might be tricky
- Create a URL watcher that replaces the URL as changes are made
  Pro: All access is covered
  Con: Might cause a feedback loop with other watchers
Links:
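The two options above, sketched as an added example that is not part of the original issue or the project's code. The helper names, the character set treated as dangerous and the app.example URLs are assumptions, and only query-string parameters are handled.

```javascript
// Added example; every name here is hypothetical, not the project's code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };
const STRIP = /[<>"'`]/g; // assumed set of dangerous characters

// First option: escape a parameter at the moment it is read.
// The URL itself is left untouched, so code that reads window.location
// directly still sees the raw value (the "Con" listed for this option).
function readParam(href, name) {
  const raw = new URL(href).searchParams.get(name);
  return raw === null ? null : raw.replace(/[&<>"'`]/g, (c) => ENTITIES[c]);
}

// Second option: rewrite the URL itself. Characters are stripped rather than
// entity-escaped so that a second pass over the result changes nothing.
function sanitizeUrl(href) {
  const url = new URL(href);
  const cleaned = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    cleaned.append(key.replace(STRIP, ''), value.replace(STRIP, ''));
  }
  url.search = cleaned.toString();
  return url.href;
}

// Watcher callback: `replace` stands in for whatever writes the URL back.
// It is called only when sanitising changed something. Because sanitizeUrl
// is idempotent, the change event caused by our own write is a no-op.
function onUrlChange(href, replace) {
  const safe = sanitizeUrl(href);
  if (safe === href) return false;
  replace(safe);
  return true;
}

// Constructed sample URL: q decodes to "<b>hi</b>".
const sample = 'https://app.example/search?q=%3Cb%3Ehi%3C%2Fb%3E&page=2';
let current = sample;
let writes = 0;
while (onUrlChange(current, (next) => { current = next; writes += 1; })) { /* re-run on each change */ }
console.log(readParam(sample, 'q'), current, writes);
```

The equality check only stops this watcher from re-triggering itself; another watcher that writes the raw value back would still produce the loop listed as the con of the second option.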