
Vulnerabilities in Angular js Framework


What is AngularJS?

AngularJS is a framework by Google (originally developed by Misko Hevery and Adam Abrons) that helps in building powerful web apps. It is a framework for building large-scale, high-performance web applications while keeping them easy to maintain.

Vulnerabilities in AngularJS

Content Security Policy (CSP) Bypass: Affected versions of the package are vulnerable to CSP bypass. Extension URIs (resource://…) bypass Content-Security-Policy in Chrome and Firefox and can always be loaded. If a site already has an XSS bug and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacker can load Angular from the extension, and Angular's auto-bootstrapping can then be used to bypass the victim site's CSP protection.

Cross-site Scripting (XSS): angular is "HTML enhanced for web apps".
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via ideographic space characters in URIs.
Browsers mutate attribute values such as &#x3000;javascript:alert(1) when they are written to the DOM via innerHTML, in various vendor-specific ways. In Chrome (<62), this mutation removed the preceding "whitespace", resulting in a value that could end up being executed as JavaScript. Here is an example of what could happen:

// Code goes here
var h1 = document.querySelector('h1');
// The href starts with an ideographic space (&#x3000;) before the scheme
h1.innerHTML = '<a href="&#x3000;javascript:alert(1)">CLICKME</a>';
// Reading innerHTML back serializes the (mutated) attribute value
var innerHTML = h1.innerHTML;
console.log(innerHTML);
// Writing the serialized markup again re-parses it without the leading space
h1.innerHTML = innerHTML;

The sanitizer contains a bit of code that triggers this mutation on an inert piece of DOM, before Angular sanitizes it.
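
The idea behind that fix, as an added example (not code from the original post or from AngularJS): a URI check has to judge the value in the form the browser may end up with, not only the form that was submitted. This is a simplified model in plain JavaScript rather than on an inert DOM; the base URL, the allowlist and the function names are assumptions, and the sample values are constructed.

```javascript
// Added example, not AngularJS source. BASE, ALLOWED and the function names
// are hypothetical; the sample values below are constructed.
const BASE = 'https://app.example/';
const ALLOWED = new Set(['http:', 'https:', 'mailto:', 'tel:']);

// Scheme the URL parser sees for `value` when it is resolved against BASE.
function resolvedScheme(value) {
  try {
    return new URL(value, BASE).protocol;
  } catch (e) {
    return null; // unparsable: treated as not allowed
  }
}

// Weak check: validates the value exactly as received. The URL parser does not
// strip a leading U+3000, so the value resolves as a relative https: path.
function isSafeHrefAsWritten(value) {
  return ALLOWED.has(resolvedScheme(value));
}

// Hardened check: first bring the value to the form it could take once leading
// whitespace-like characters are dropped, then validate both forms.
// \s in JavaScript covers U+3000, U+00A0 and U+FEFF; C0 controls are added.
function isSafeHrefStabilised(value) {
  const stable = String(value).replace(/^[\s\u0000-\u001f]+/, '');
  return ALLOWED.has(resolvedScheme(stable)) &&
         ALLOWED.has(resolvedScheme(value));
}

// Constructed sample attribute values.
const samples = [
  'https://example.org/docs',
  '/relative/path',
  'javascript:alert(1)',
  '\u3000javascript:alert(1)', // ideographic space prefix, as in the article
];

// One row per sample, with the verdict of each check.
function report() {
  return samples.map((v) => ({
    value: JSON.stringify(v),
    asWritten: isSafeHrefAsWritten(v),
    stabilised: isSafeHrefStabilised(v),
  }));
}

console.table(report());
```

Only the last sample is judged differently by the two checks: the as-written check accepts it, the stabilised check rejects it.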

Cross-site Scripting (XSS): angularjs is a toolset for building the framework suited to your application development.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through SVG files if enableSvg is set.

JSONP Callback Attack: angular is an open-source JavaScript framework, maintained by Google, that assists with running single-page applications with the goal of making development and testing easier by augmenting browser-based applications with model–view–controller (MVC) capability.
Affected versions of the package are vulnerable to JSONP callback attacks. JSONP (JSON with padding) is a method used to request data from a server residing in a different domain than the client. Any URL could perform JSONP requests, allowing full access to the browser and the JavaScript context. This can lead to Cross-site Scripting.

Remediation:
• Use Angular, as it is a very secure framework:
– Contextually-aware encoding
– Strict contextual escaping
– Separation of HTML and JavaScript
– CSP compatible
• Do not mix server-side and client-side templates
• Do not directly use user-input in expressions
• Check plugins for security issues and use the latest version
• Embrace the Angular Migration from 1 to 4.
At Valency Networks, we understand your web application and perform the framework-specific checks mentioned above. Our expertise in this matter enables us to be very accurate in our vulnerability findings.

Resources:
https://snyk.io/test/npm/angular/1.5.8
https://en.wikipedia.org/wiki/AngularJS

Prashant Phatak

Founder & CEO, Valency Networks
