Is it secure to use window.location.href directly in Angular

Is it secure to use window.location.href without any validation?

For example:

    navigateUsingUrl(url: string) {
       window.location.href = url}

And calling this function:

    this.navigateUsingUrl('https://www.google.com')

Checkmarx throwing this issue This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.



Read more here: https://stackoverflow.com/questions/68485891/is-it-secure-to-use-window-location-href-directly-in-angular

Content Attribution

This content was originally published by Ratnesh... at Recent Questions - Stack Overflow, and is syndicated here via their RSS feed. You can read the original post over there.

%d bloggers like this: