0

I am confused about ElementRef using in Angular 8. I read that permitting direct access to the DOM can make your application more vulnerable to XSS attacks. I am scared about it. Experts, please guide me. My code is mentioned below:

import { Component, OnInit, ViewChild, ElementRef } from '@angular/core';

then

@ViewChild("elem", { static: false }) elem: ElementRef;

and use it as:

this.elem.nativeElement.classList.add('current');

Another, page I use the following code:

import { Component, OnInit, ViewChild, ElementRef } from '@angular/core';
constructor(private elRef: ElementRef){}

and use as:

let elements = this.elRef.nativeElement.querySelectorAll(".roundIcon");
console.log(elements);

Please guide that two methods are XSS attacks safe? Thanks in advance.

Prashant Pimpale
  • 10,349
  • 9
  • 44
  • 84
Code Lover
  • 723
  • 1
  • 10
  • 24
  • 4
    If u use @ViewChild /@ViewChildren, that is the secure angular way. Dont use Documenta.getElementById for example, as this is not the angular way and insecure – sagat Aug 14 '19 at 07:43
  • Okay. Thanks.. :-) – Code Lover Aug 14 '19 at 07:45
  • 1
    This is quite a comprehensive answer: https://stackoverflow.com/questions/42834226/elementref-security-risk-angular-2 – sagat Aug 14 '19 at 08:24

0 Answers0