Javascript Use Of Bypass Security Trust
Description
Detects usage of bypassSecurityTrustUrl method in Angular applications, which bypasses Angular's built-in URL sanitization. This is dangerous as it can enable XSS attacks by allowing untrusted URLs to be processed as trusted without proper sanitization.
Detection Strategy
• Identifies calls to DomSanitizer.bypassSecurityTrustUrl() in JavaScript/TypeScript code
• Reports a vulnerability when bypassSecurityTrustUrl is used, as it explicitly disables Angular's security checks
• Examines function calls and method invocations in the code to find uses of this security bypass mechanism
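A minimal sketch of the detection idea in the bullets above, added here as an example and not Fluid Attacks' own rule: it blanks comments and string literals, then reports member calls to bypassSecurityTrustUrl with their line numbers. The function names and the sample source are constructed for illustration, and the text-based matching is an assumption; a production scanner would inspect a parsed syntax tree instead.

```javascript
// Added example: flag member calls to bypassSecurityTrustUrl in JS/TS source.
// Simplification: regex literals and ${...} inside templates are not parsed.
function blankNonCode(src) {
  let out = "", i = 0;
  while (i < src.length) {
    const c = src[i], next = src[i + 1];
    let end = -1;
    if (c === "/" && next === "/") {
      end = (src + "\n").indexOf("\n", i);            // line comment
    } else if (c === "/" && next === "*") {
      end = src.indexOf("*/", i + 2);                 // block comment
      end = end === -1 ? src.length : end + 2;
    } else if (c === '"' || c === "'" || c === "`") {
      end = i + 1;                                    // string or template
      while (end < src.length && src[end] !== c) end += src[end] === "\\" ? 2 : 1;
      end = Math.min(end + 1, src.length);
    }
    if (end === -1) { out += c; i++; continue; }
    // Keep newlines so reported line numbers still match the original file.
    out += src.slice(i, end).replace(/[^\n]/g, " ");
    i = end;
  }
  return out;
}

function findBypassCalls(src) {
  const code = blankNonCode(src);
  const lines = src.split("\n");
  const findings = [];
  // Whitespace is allowed around the dot so chained calls split across lines match.
  for (const m of code.matchAll(/\.\s*bypassSecurityTrustUrl\s*\(/g)) {
    const line = code.slice(0, m.index).split("\n").length;
    findings.push({ line, text: lines[line - 1].trim() });
  }
  return findings;
}

// Constructed sample input (not from the page).
const SAMPLE = [
  "// never call s.bypassSecurityTrustUrl(x) on user input",
  "export class LinkComponent {",
  "  set(url: string) {",
  "    this.href = this.sanitizer",
  "      .bypassSecurityTrustUrl(url);",
  '    this.note = "s.bypassSecurityTrustUrl(url)";',
  "  }",
  "}",
].join("\n");
console.log(findBypassCalls(SAMPLE));
```

Only the real call on line 5 of the sample is reported; the mentions inside the comment and the string literal are ignored.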
Vulnerable code example
import { Component } from "@angular/core";
@Component({
selector: "my-app",
template: `<div>{{content}}</div>`
})
export class UnsafeComponent {
constructor(private sanitizer) {}...
Secure code example
import { Component } from "@angular/core";
import { DomSanitizer } from "@angular/platform-browser";
@Component({
selector: "my-app",
template: `<div [innerHTML]="content"></div>` // Use innerHTML binding for sanitized content
})
export class SafeComponent {...