In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade angularjs
to version 1.2.2 or higher.
Affected versions of this package are vulnerable to Protection Bypass via ng-attr-action
and ng-attr-srcdoc
allowing binding to Javascript.
The fix was to require bindings to form[action]
to be $sce.RESOURCE_URL
and bindings to iframe[srcdoc]
to be $sce.HTML