search

AngularJS sandbox

https://www.w3schools.com/angular/ng_ng-app.asp

If a site loads angular.js plugin, then worth checking if able to escape its sandbox and perform xss.

Sandbox restricts access to windows or document and dangerous properties such as __proto__ , bypasses are available.

Note : post AngularJS in version 1.6, sandbox was removed.

hashtag
Working:

Sandbox parses expression, rewrites JS and tests whether rewritten code contains any dangerous objects.

This can be object references, properties referenced, methods invoked

This means that need to bypass angularjs blacklisting, but execution is possible.

hashtag
AngularJS sandbox escapes:

Using charAt() globally within an expression.

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XSS%20Injection/XSS%20in%20Angular.mdgithub.comchevron-right

hashtag
LAB 1:

Simply using payload for this angular version didn't work.

LogoText to ASCII Code Converter - Chars to ASCII Numbers - Online - Browserling Web Developer Toolswww.browserling.comchevron-right
PreviousXSS Locator PolyglotNextPayloads/Insertion Points

Last updated