Typescript Use Of Bypass Security Trust
Description
Detects unsafe usage of Angular's DomSanitizer.bypassSecurityTrustUrl method, which disables the framework's built-in URL sanitization. Angular normally rejects dangerous schemes such as javascript: when a value is bound to [href] or [src]; bypassSecurityTrustUrl wraps the value in a SafeUrl that Angular then inserts verbatim. When the argument is untrusted (route or query parameters, form input, data from an HTTP response), an attacker can supply a javascript: or other malicious URL and obtain Cross-Site Scripting (XSS). Angular exposes a family of such methods (bypassSecurityTrustHtml, bypassSecurityTrustStyle, bypassSecurityTrustScript, bypassSecurityTrustUrl, bypassSecurityTrustResourceUrl); each one disables sanitization for its binding context, so the same rule applies to all of them.
Detection Strategy
• Look for calls to DomSanitizer.bypassSecurityTrustUrl() (and the sibling bypassSecurityTrust* methods) in the codebase
• Trace each argument back to its origin: route and query parameters, form fields, localStorage, postMessage payloads and HTTP response bodies are untrusted sources
• Flag every call whose argument is not a compile-time constant and has not been validated against an explicit scheme allowlist before the bypass, since a javascript: URL that reaches [href] or [src] through a SafeUrl executes as script
• Treat calls whose argument is a string literal as lower priority, but confirm the literal is not reassigned at runtime, and check whether the bypass is needed at all: Angular's default sanitizer already accepts ordinary http(s) and mailto links
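The detection strategy above, as an added example that is not Fluid Attacks' rule implementation: a small TypeScript scanner that finds bypassSecurityTrust* calls line by line and separates string-literal arguments (low priority) from expressions that need a taint review. The source being scanned is constructed inline for the example; the component and identifiers in it are assumptions, not code from the page.

```typescript
// Added example (not the Fluid Attacks rule): flag DomSanitizer.bypassSecurityTrust*
// calls and report whether the argument is a string literal or an expression.

interface Finding {
  line: number;       // 1-based line in the scanned source
  method: string;     // e.g. bypassSecurityTrustUrl
  argument: string;   // raw argument text
  literal: boolean;   // true when the argument is a plain string literal
}

// Matches any bypassSecurityTrust<Context>( ... ) call and captures the
// context name and the argument text (one level of nested parens allowed).
const CALL_RE =
  /\bbypassSecurityTrust(Html|Style|Script|Url|ResourceUrl)\s*\(([^()]*(?:\([^()]*\)[^()]*)*)\)/;

// Single- or double-quoted literal, or a template literal without ${} interpolation.
function isStringLiteral(arg: string): boolean {
  return /^'[^']*'$/.test(arg) || /^"[^"]*"$/.test(arg) || /^`[^`$]*`$/.test(arg);
}

function scanSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split('\n').forEach((text, idx) => {
    // fresh global regex per line so lastIndex never leaks between lines
    const re = new RegExp(CALL_RE.source, 'g');
    let m: RegExpExecArray | null;
    while ((m = re.exec(text)) !== null) {
      const argument = m[2].trim();
      findings.push({
        line: idx + 1,
        method: `bypassSecurityTrust${m[1]}`,
        argument,
        literal: isStringLiteral(argument),
      });
    }
  });
  return findings;
}

// Calls whose argument is an expression: these need a manual taint review.
function suspicious(findings: Finding[]): Finding[] {
  return findings.filter((f) => !f.literal);
}

// Constructed sample source (hypothetical component, not from the page).
const SAMPLE_SOURCE = [
  "import { DomSanitizer } from '@angular/platform-browser';",
  'export class DemoComponent {',
  '  constructor(private sanitizer: DomSanitizer, route: ActivatedRoute) {',
  "    this.logo = sanitizer.bypassSecurityTrustUrl('assets/logo.svg');",
  "    this.next = sanitizer.bypassSecurityTrustUrl(route.snapshot.queryParams['next']);",
  '    this.frame = sanitizer.bypassSecurityTrustResourceUrl(this.apiResponse.embedUrl);',
  '  }',
  '}',
].join('\n');

for (const f of suspicious(scanSource(SAMPLE_SOURCE))) {
  console.log(`line ${f.line}: ${f.method}(${f.argument}) needs taint review`);
}
```

The scanner is deliberately syntactic: it tells you where to look, not whether the expression is actually tainted. The second step, following `route.snapshot.queryParams['next']` or `this.apiResponse.embedUrl` back to an untrusted source, is the manual (or dataflow-tool) review the strategy describes.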
Vulnerable code example
import { Component } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
@Component({
selector: 'app-unsafe',
template: `
<div [innerHTML]="content"></div>
`...
✅ Secure code example
import { Component } from '@angular/core';
import { DomSanitizer } from '@angular/platform-browser';
import DOMPurify from 'dompurify';
@Component({
selector: 'app-unsafe',
template: `
<div [innerHTML]="content"></div>...
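The page's secure example above is cut off and concerns the HTML binding context (DOMPurify and [innerHTML]). For the URL variant named in the title, here is an added example that is not code from the page or from Angular: the bypass is gated behind a scheme allowlist, and anything that fails validation is replaced with an inert fallback. `SanitizerLike` and `RecordingSanitizer` are structural stand-ins for Angular's DomSanitizer, assumed here so the snippet runs without Angular installed; `https://app.example` is an assumed base origin for resolving relative links.

```typescript
// Added example (not from the page): validate before bypassSecurityTrustUrl.

// Structural stand-in for the one DomSanitizer method used here (assumption).
interface SanitizerLike<T> {
  bypassSecurityTrustUrl(value: string): T;
}

// Schemes a link in this application may use. javascript:, data:, vbscript:
// and file: are deliberately absent.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:', 'tel:']);

// Inert value used when validation fails, so the template never receives
// attacker-controlled content.
const FALLBACK_URL = 'about:blank';

// Returns the normalized URL when its scheme is allowlisted, otherwise null.
// Relative URLs resolve against the application's own origin (assumed base).
function validateUrl(raw: string, base = 'https://app.example'): string | null {
  let parsed: URL;
  try {
    parsed = new URL(raw.trim(), base);
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Only a validated value (or the fixed fallback) ever reaches the bypass.
function trustUrlIfSafe<T>(sanitizer: SanitizerLike<T>, raw: string): T {
  const safe = validateUrl(raw);
  return sanitizer.bypassSecurityTrustUrl(safe ?? FALLBACK_URL);
}

// Constructed stand-in that records what it was asked to trust.
class RecordingSanitizer implements SanitizerLike<string> {
  trusted: string[] = [];
  bypassSecurityTrustUrl(value: string): string {
    this.trusted.push(value);
    return value;
  }
}

// Constructed inputs: a query-string value an attacker could control.
const sanitizer = new RecordingSanitizer();
for (const candidate of ['https://example.com/docs', 'javascript:alert(1)', '/account']) {
  console.log(`${candidate} -> ${trustUrlIfSafe(sanitizer, candidate)}`);
}
```

Two points worth checking in a real component: first, the URL constructor lowercases the scheme, so `JAVASCRIPT:alert(1)` and a leading-whitespace variant are rejected just like the plain form; second, if validation only ever lets through http(s) and mailto links, Angular's default sanitizer would have accepted them anyway, and the cleanest fix is to delete the bypass and bind the validated string directly. Keep the bypass only for a scheme the sanitizer blocks that the application genuinely needs, and add that scheme to the allowlist on purpose.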