https://github.com/angular/angular/blob/main/aio/content/guide/roadmap.md
- new logo
- new website for documentation (https://angular.dev/)
- finished tasks with hydration (SSR)
- new syntax „Control Flow“
🚀 The Ultimate Angular Adapter for TanStack Query | by Netanel Basal | Nov, 2023 | Netanel Basal
https://netbasal.com/the-ultimate-angular-adapter-for-tanstack-query-fac41b244c6f
Angular Official Docs are pretty great! Security in #Angular is important! 🔐
Things you should remember!!! 👇
🔐 Best Practices
➼ Stay updated with Angular library releases.
➼ Avoid altering Angular core.
➼ Steer clear of APIs marked "Security Risk".
🔐 XSS Prevention
➼ Block malicious code entry to DOM.
➼ Angular treats all values as untrusted by default.
➼ Sanitizes values inserted into DOM from templates.
➼ Templates are trusted; avoid creating them with user input.
🔐 Sanitization and Security Contexts
➼ Angular sanitizes values for HTML, styles, URLs.
➼ Context-specific: HTML, Style, URL, Resource URL.
➼ Development mode warnings for sanitization changes.
🔐 Direct DOM API Use & Explicit Sanitization
➼ Use Angular templates over direct DOM interaction.
➼ For unavoidable cases, use Angular sanitization functions.
🔐 Trusting Safe Values
➼ Use DomSanitizer for necessary executable code or URLs.
➼ Context-specific methods like bypassSecurityTrustHtml.
🔐 Content Security Policy (CSP)
➼ Prevents XSS via web server configuration.
➼ Requires unique per-request nonces for Angular to render styles.
🔐 Enforcing Trusted Types
Use HTTP headers with one of the following Angular Policies:
➼ angular
➼ angular#unsafe-bypass
➼ angular#unsafe-jit
➼ angular#bundler
🔐 Server-side XSS Protection
➼ Avoid creating Angular templates on the server side.
➼ Use templating languages that auto-escape values.
🔐 HTTP-level Vulnerabilities
➼ Built-in support for CSRF/XSRF and XSSI.
➼ Server and client must cooperate on the anti-XSRF technique.
🔐 Auditing Angular Applications
➼ Follow regular web app security principles.
➼ Audit Angular-specific APIs marked as sensitive.
A more in-depth look can be found in the docs: https://angular.dev/guide/security
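The CSP and Trusted Types points above, as an added Node.js example (not part of the original post and not Angular's own code): one nonce per response goes into both the header and the root element's `ngCspNonce` attribute, and only the policy names listed in the post are accepted. The `__CSP_NONCE__` placeholder, the `<app-root>` markup and all function names are assumptions made for illustration.

```javascript
// Added example: server-side helpers, not Angular code.
const { randomBytes } = require('node:crypto');

// Trusted Types policy names listed in the post.
const ANGULAR_POLICIES = ['angular', 'angular#unsafe-bypass', 'angular#unsafe-jit', 'angular#bundler'];

// Fresh, unpredictable nonce for every response (16 random bytes, base64).
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Build the CSP header value. Defaults to the strict "angular" policy only;
// the unsafe-* and bundler policies must be requested explicitly by the caller.
function buildCsp(nonce, policies = ['angular']) {
  if (!/^[A-Za-z0-9+/]{22}==$/.test(nonce)) throw new Error('nonce must be 16 random bytes in base64');
  for (const p of policies) {
    if (!ANGULAR_POLICIES.includes(p)) throw new Error(`unknown Trusted Types policy: ${p}`);
  }
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    `style-src 'self' 'nonce-${nonce}'`,
    `trusted-types ${policies.join(' ')}`,
    "require-trusted-types-for 'script'",
  ].join('; ');
}

// Placeholder the build leaves in index.html (hypothetical name, an assumption).
const NONCE_PLACEHOLDER = '__CSP_NONCE__';

// Put the same nonce on the root element so Angular can tag the styles it renders.
function renderIndex(template, nonce) {
  if (!template.includes(NONCE_PLACEHOLDER)) throw new Error('index.html has no nonce placeholder');
  return template.split(NONCE_PLACEHOLDER).join(nonce);
}

// Per request: generate one nonce and use it in both the header and the body.
function respond(template) {
  const nonce = newNonce();
  return {
    headers: { 'Content-Security-Policy': buildCsp(nonce) },
    body: renderIndex(template, nonce),
  };
}

// Constructed sample index.html, embedded so the example runs offline.
const SAMPLE_INDEX =
  '<!doctype html><html><body><app-root ngCspNonce="__CSP_NONCE__"></app-root></body></html>';
```

Never cache the rendered page or reuse a nonce across responses; a nonce that repeats gives no protection.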
Just ignore 😅