Merge pull request #701 from Vunnm/patch-1

specify condition to perform Angular JS Injection
swisskyrepo · Jan 5, 2024 · f96c1e4 · f96c1e4
2 parents cbc6e78 + 27d1981
commit f96c1e4
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/XSS Injection/XSS in Angular.md b/XSS Injection/XSS in Angular.md
@@ -6,6 +6,8 @@ The following payloads are based on Client Side Template Injection.
 
 ### Stored/Reflected XSS - Simple alert in AngularJS
 
+`ng-app` directive must be present in a root element to allow the client-side injection (cf. [AngularJS: API: ngApp](https://docs.angularjs.org/api/ng/directive/ngApp)).
+
 > AngularJS as of version 1.6 have removed the sandbox altogether
 
 AngularJS 1.6+ by [Mario Heiderich](https://twitter.com/cure53berlin)