
Protection Against XSS Injections (Sanitization)

Angular treats values bound into the DOM as untrusted and sanitizes them automatically.

Example

<div [innerHTML]="htmlContent"></div>

TypeScript

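import { Component } from "@angular/core";

@Component({
  selector: "app-content",
  standalone: true,
  templateUrl: "./content.component.html",
})
export class ContentComponent {
  // Untrusted markup: the <script> element is stripped by Angular's
  // sanitizer when this value is bound through [innerHTML].
  htmlContent = '<script>alert("XSS")</script>';
}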

Explanation

Angular's sanitizer removes the unsafe <script> element from htmlContent before the value is rendered, so the alert never runs.
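
An added example, not part of the original page or of Angular itself: a heuristic check that lists a component's [innerHTML] bindings and reports whether each one still gets the sanitization described above or has been opted out with DomSanitizer.bypassSecurityTrustHtml(), the Angular API that marks a value as trusted. The function names, PreviewComponent and the sample sources are constructed for illustration, and the regex matching only handles simple property names.

```typescript
// Added example: audit [innerHTML] bindings for sanitizer opt-outs.
// Heuristic (regex-based); all names here are hypothetical.
interface BindingFinding {
  property: string; // expression bound to [innerHTML]
  status: "sanitized-by-angular" | "sanitization-bypassed";
}

// Collect the expressions bound with [innerHTML]="..." in a template.
function innerHtmlBindings(template: string): string[] {
  const re = /\[innerHTML\]\s*=\s*"([^"]*)"/g;
  const found: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(template)) !== null) found.push((m[1] ?? "").trim());
  return found;
}

// True when the class assigns `property` from bypassSecurityTrustHtml(),
// which tells Angular to skip sanitization for that value.
function isBypassed(property: string, classSource: string): boolean {
  if (!/^[A-Za-z_]\w*$/.test(property)) return false; // plain identifiers only
  const assign = new RegExp(
    `\\b${property}\\b[^=;\\n]*=[^;\\n]*\\bbypassSecurityTrustHtml\\s*\\(`,
  );
  return assign.test(classSource);
}

function auditComponent(template: string, classSource: string): BindingFinding[] {
  return innerHtmlBindings(template).map((property): BindingFinding => ({
    property,
    status: isBypassed(property, classSource) ? "sanitization-bypassed" : "sanitized-by-angular",
  }));
}

// Constructed sample 1: the component from this page.
const PAGE_TEMPLATE = '<div [innerHTML]="htmlContent"></div>';
const PAGE_CLASS = `export class ContentComponent {
  htmlContent = '<script>alert("XSS")</script>';
}`;
// Constructed sample 2: a hypothetical component that opts out of sanitization.
const BYPASS_TEMPLATE = '<div [innerHTML]="trustedHtml"></div>';
const BYPASS_CLASS = `export class PreviewComponent {
  constructor(private sanitizer: DomSanitizer) {}
  trustedHtml = this.sanitizer.bypassSecurityTrustHtml(this.raw);
}`;
```

Bindings reported as sanitization-bypassed are the ones to review by hand, since the value reaches the DOM exactly as supplied.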