Angular

Security & Best Practices

XSS protection, CSRF, sanitization, DomSanitizer, Content Security Policy, authentication, authorization, JWT

20 interview questions · Senior
1

What is an XSS (Cross-Site Scripting) attack?

Answer

An XSS attack injects malicious JavaScript into a web application so that it executes in other users' browsers. The attacker exploits missing input validation or output encoding to steal sensitive data (cookies, tokens) or manipulate the DOM. Angular mitigates this class of attack by default through sanitization of the content it injects into templates.

2

How does Angular automatically protect against XSS attacks?

Answer

Angular automatically sanitizes values injected into templates via interpolation or property binding. The DomSanitizer inspects the content and removes any potentially dangerous parts before it is rendered. This protection is applied by default without additional configuration, ensuring that untrusted HTML, URLs, and styles are cleaned. It covers only template bindings: values passed through bypassSecurityTrust* methods or written to the DOM directly (for example via ElementRef.nativeElement) are not sanitized and must be handled by the developer.

3

What is the DomSanitizer in Angular?

Answer

DomSanitizer is an Angular service that cleans untrusted content before it is injected into the DOM. It analyzes HTML, URLs, styles, and scripts to detect and remove potentially dangerous elements. The service also provides bypassSecurityTrust* methods to explicitly mark content as safe; these should be used only when the source is trusted and has been verified, because they disable sanitization for that value.

4

In which contexts does Angular apply automatic sanitization?

5

What is a CSRF (Cross-Site Request Forgery) attack?
