63 - Sink Javascript Angular Strict Contextual Escaping

Links

https://docs.angularjs.org/api/ng/service/$sce

https://codeql.github.com/codeql-query-help/javascript/js-angular-disabling-sce/

Bad example

This code snippet disables Strict Contextual Escaping (SCE) for the whole application, something that
should never be done in a properly built application: with SCE off, any string bound into an HTML, URL
or resource-URL context is treated as already trusted, so no $sce.trustAs* call is ever required.

var app = angular.module('MyApp', []).config(function ($sceProvider) {
    // Global off switch: removes the trust check from every SCE context (ng-bind-html, ng-src, ng-include, ...)
    $sceProvider.enabled(false);
});
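The following is an added example, not code from the note above or from the AngularJS project. It shows the hardened counterpart of the snippet (SCE left enabled, with exactly one constant HTML fragment marked trusted through $sce.trustAsHtml) next to a small line-based scanner, in the spirit of the CodeQL query linked above, that reports every `$sceProvider.enabled(false)` call. The function names, the constructed sample sources and the fake $sceProvider/$sce stand-ins are assumptions made so the file runs under plain Node without AngularJS.

```javascript
// Added example (not from the original note). Function names, sample sources
// and the fake provider/service objects below are assumptions for this demo.

// Hardened config block: the counterpart of `$sceProvider.enabled(false)`.
// AngularJS injects $sceProvider at runtime; here it is only exercised with a
// fake provider so the example runs stand-alone.
function secureSceConfig($sceProvider) {
  // SCE is on by default; stating it explicitly documents the intent and makes
  // any later `enabled(false)` stand out in code review.
  $sceProvider.enabled(true);
}

// Controller that needs a rich-text banner. The fragment is a constant owned
// by the application, so marking it trusted is legitimate. User-supplied
// strings must never be passed to trustAsHtml; bind them with ng-bind-html
// under ngSanitize instead so they are sanitized rather than trusted.
const BANNER_HTML = '<strong>Maintenance window</strong> Sunday 02:00 UTC';
function bannerController($scope, $sce) {
  $scope.banner = $sce.trustAsHtml(BANNER_HTML);
}

// Detector: returns the 1-based line numbers on which SCE is switched off.
// Tolerates arbitrary whitespace; it is line-based, so a call split across
// lines or written as `$sceProvider.enabled(!isProd)` is not reported.
const SCE_DISABLED_RE = /\$sceProvider\s*\.\s*enabled\s*\(\s*false\s*\)/;
function findSceDisabled(source) {
  return source
    .split('\n')
    .map((line, i) => (SCE_DISABLED_RE.test(line) ? i + 1 : null))
    .filter((n) => n !== null);
}

// Constructed sample sources: the bad snippet from the note and a good one.
const BAD_SOURCE = [
  "var app = angular.module('MyApp', []).config(function ($sceProvider) {",
  '    $sceProvider.enabled(false);',
  '});',
].join('\n');
const GOOD_SOURCE = [
  "angular.module('MyApp', ['ngSanitize']).config(function ($sceProvider) {",
  '    $sceProvider.enabled(true);',
  '});',
].join('\n');

// Minimal stand-ins for $sceProvider and $sce (assumed, not AngularJS code);
// they only record what the application code asked for.
function fakeSceProvider() {
  const calls = [];
  return { calls, enabled(flag) { calls.push(flag); } };
}
function fakeSce() {
  return { trustAsHtml(html) { return { trusted: true, html }; } };
}

// Runs the hardened config and the detector against the sample sources.
function demo() {
  const provider = fakeSceProvider();
  secureSceConfig(provider);
  const scope = {};
  bannerController(scope, fakeSce());
  return {
    providerCalls: provider.calls,          // [true]
    bannerTrusted: scope.banner.trusted,    // true
    badHits: findSceDisabled(BAD_SOURCE),   // [2]
    goodHits: findSceDisabled(GOOD_SOURCE), // []
  };
}

console.log(JSON.stringify(demo()));
```

The scanner is intentionally narrow: it catches the literal pattern the CodeQL query targets and nothing else, so treat a clean result as "no obvious global off switch", not as proof that every HTML binding is safe.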