Angular 17 live!! 🔥

🚀 The Ultimate Angular Adapter for TanStack Query | by Netanel Basal | Nov, 2023 | Netanel Basal
https://netbasal.com/the-ultimate-angular-adapter-for-tanstack-query-fac41b244c6f

Angular Official Docs are pretty great! Security in #Angular is important! 🔐

Things you should remember!!! 👇

🔐 Best Practices

➼ Stay updated with Angular library releases.
➼ Avoid altering Angular core
➼ Steer clear of APIs marked "Security Risk".

🔐 XSS Prevention

➼ Block malicious code entry to DOM.
➼ Angular treats all values as untrusted by default.
➼ Sanitizes values inserted into DOM from templates.
➼ Templates are trusted; avoid creating them with user input.

🔐 Sanitization and Security Contexts

➼ Angular sanitizes values for HTML, styles, URLs.
➼ Context-specific: HTML, Style, URL, Resource URL.
➼ Development mode warnings for sanitization changes.

🔐 Direct DOM API Use & Explicit Sanitization

➼ Use Angular templates over direct DOM interaction.
➼ For unavoidable cases, use Angular sanitization functions.

🔐 Trusting Safe Values

➼ Use DomSanitizer for necessary executable code or URLs.
➼ Context-specific methods liek bypassSecurityTrustHtml.

🔐 Content Security Policy (CSP)

➼ Prevents XSS via web server configuration.
➼ Requires unique per-request nonces for Angular to render styles.

🔐 Enforcing Trusted Types

Use HTTP headers with one of the following Angular Policies:
➼ angular
➼ angular#unsafe-bypass
➼ angular#unsafe-jit
➼ angular#bundler

🔐 Server-side XSS Protection

➼ Avoid creating Angular templates on the server side.
➼ Use templating languages that auto-escape values.

🔐 HTTP-level Vulnerabilities

➼ Built-in support for CSRF/XSRF and XSSI.
➼ Cooperate server and client for anti-XSRF technique.

🔐 Auditing Angular Applications

➼ Follow regular web app security principles.
➼ Audit Angular-specific APIs marked as sensitive.

More in depth look can be found in Docs: https://angular.dev/guide/security

Tree-shakable by default | blog | Matthieu Riegler
https://riegler.fr/blog/2023-10-08-tree-shakable-as-default

Krypto im Advent -> für den Security Nachwuchs!

gerne auch teilen...

https://krypto-im-advent.de | https://www.linkedin.com/posts/dalini_krypto-im-advent-activity-7126553451487989761-S7RZ?utm_source=share&utm_medium=member_desktop | https://x.com/ektoplant/status/1720781860136001776?s=20

In den meisten Geschäften startet die Weihnachtsdeko - also wird es auch wieder Zeit sich für 🎄 Krypto im Advent 2023 🎄 anzumelden!

Das Online-Weihnachtstürchen-Gewinnspiel 🎁 für angehende Krypto-Experts: Entry-Level Klasse 3-6 und in Klasse 7-10 für Fortgeschrittene!

Jetzt anmelden und ab 01.12. mit rätseln 💻 und gewinnen!
Profis dürfen auch mitmachen aber ohne Gewinnoption! 😉

Alle Details findet ihr auf https://krypto-im-advent.de

#mint #schule #krypto #securityculture

DOM reading and writing with new lifecycle hooks in Angular - DEV Community
https://dev.to/railsstudent/dom-reading-and-writing-with-new-lifecycle-hooks-in-angular-4n7e

Navigating the Nuances of toSignal in Angular: What to Know | by Netanel Basal | Nov, 2023 | Netanel Basal
https://netbasal.com/navigating-the-nuances-of-tosignal-in-angular-what-to-know-e4d6a4b5dfaf