Security
Priority: P0 (CRITICAL)
Principles
- XSS Prevention: Angular sanitizes by default. Do NOT use innerHTML unless absolutely necessary.
- Bypass Security: Avoid DomSanitizer.bypassSecurityTrust... unless the content source is trusted.
- Route Guards: Protect all sensitive routes with CanActivateFn.
Guidelines
- CSP: Configure Content Security Policy headers on the server.
- HTTP: Use Interceptors to attach secure tokens (HttpOnly cookies preferred over LocalStorage tokens).
- Secrets: NEVER store secrets (API keys) in Angular code.
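As an added example (not code from this standards page or from Angular), a functional route guard and HTTP interceptor in the shape of Angular's CanActivateFn and HttpInterceptorFn. The Angular types are replaced by local stand-ins so the file runs stand-alone; the session object, the API origin and the CSRF header name are assumptions.

```typescript
// Stand-ins for Angular's Router/HttpClient types (assumption: real code
// imports CanActivateFn, UrlTree, HttpInterceptorFn, HttpRequest from @angular/*).
type UrlTree = { redirectTo: string; returnUrl?: string };
type GuardResult = boolean | UrlTree;
type Session = { isAuthenticated: () => boolean };

// Functional guard: listed in the `canActivate` array of every sensitive route.
// Unauthenticated users get a redirect UrlTree instead of the protected view.
function authGuard(session: Session, requestedUrl: string): GuardResult {
  if (session.isAuthenticated()) {
    return true;
  }
  // Send the user to login and remember where they were going.
  return { redirectTo: '/login', returnUrl: requestedUrl };
}

// Minimal request model: only the fields the interceptor touches.
type HttpRequest = { url: string; headers: Record<string, string>; withCredentials: boolean };
type HttpHandler = (req: HttpRequest) => string;

// Functional interceptor for HttpOnly-cookie sessions. The session token is
// never read by JavaScript (nothing comes from localStorage); the browser
// attaches the cookie itself once withCredentials is set. Because the session
// rides on a cookie, a CSRF token (assumed to come from a readable, non-HttpOnly
// cookie) is added as a header on same-origin API calls.
function credentialsInterceptor(apiOrigin: string, csrfToken: string | null) {
  return (req: HttpRequest, next: HttpHandler): string => {
    // Credentials and the CSRF header go only to our own API, never to third-party hosts.
    if (!req.url.startsWith(apiOrigin)) {
      return next(req);
    }
    const headers = csrfToken
      ? { ...req.headers, 'X-CSRF-Token': csrfToken }
      : { ...req.headers };
    return next({ ...req, headers, withCredentials: true });
  };
}
```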
References
Related Topics
common/security-standards | components