24Kas
Does other frontend framework have similar issue like AngularJS?
I'm reading an article that talks about XSS exploitation on AngularJS,
AngularJS will render the template in ng-html, and it bypasses sanitize-html.
My questions,
- I'm wondering if other frameworks like Vue.js and React is also vulnerable to this attack?
- I tried to use
{{ }}
in React and it's not executed bydangerouslySetInnerHTML
method. - I tried to use
{{ }}
in Vue.js and it's not parsed by v-html directive.
- I tried to use
- Why isn't other frameworks affected in this way?