XSS vulnerability?


#1

Hello, I have this annoying issue with input fields in Ionic (or maybe Angular in general). If I insert anything like this:

<img src='doesnotexist.jpg' onerror='alert(4)' />

in an input field, it is actually evaluated and an alert is shown. It can then be saved and other users will also be presented with this alert.

Is there any way to prevent this? Thanks!


#2

You need to provide more details, but if it can be saved somewhere then it's a serious issue; if not, then I think it's probably fine. A user can't share a URL to your app with XSS in the query like in websites. You can use Content Security Policy (CSP) to prevent XSS.
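
Added example (not part of the original posts): since post #2 points to CSP, this Node.js sketch checks whether a given policy string would stop inline event handlers such as the `onerror` attribute from post #1. The function names and the sample policies are constructed for illustration.

```javascript
// Added example; parseCsp and blocksInlineHandlers are illustrative names.

// Parse a policy string into a Map: directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // When a directive is repeated, only its first occurrence is used.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// True when the policy stops arbitrary inline handlers (onerror=, onclick=, ...).
function blocksInlineHandlers(policy) {
  const d = parseCsp(policy);
  // Handler attributes are governed by script-src-attr, then script-src,
  // then default-src. With none of them present, inline script is allowed.
  const sources = d.get('script-src-attr') ?? d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return false;
  const lower = sources.map((s) => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' when a nonce, a hash or 'strict-dynamic'
  // appears in the same source list.
  const overridesUnsafeInline = lower.some(
    (s) => s === "'strict-dynamic'" || /^'(nonce|sha256|sha384|sha512)-/.test(s)
  );
  // Handlers allowed by hash via 'unsafe-hashes' are not modelled here.
  return !(lower.includes("'unsafe-inline'") && !overridesUnsafeInline);
}

// Constructed sample policies.
const samples = [
  "default-src 'self'",
  "script-src 'self' 'unsafe-inline'",
  "img-src 'self'; style-src 'self'",
  "script-src 'self' 'unsafe-inline'; script-src-attr 'none'",
];
for (const p of samples) {
  console.log(blocksInlineHandlers(p) ? 'blocks ' : 'ALLOWS ', p);
}
```

A policy only limits what injected markup can execute; the saved value still has to be rendered as text rather than as HTML.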