I want to sanitize my login form input and encrypt passwords to avoid script injections.
Info: $sanitize is a service provided by AngularJS that can be used to protect against injection attacks when you inject HTML into a web page.
LoginController.js
1 2 3 4 5 6 7 8 9 |
... $scope.credentials = { email: "", password: "" }; $scope.login = function(credentials) { AuthenticationService.login($scope.credentials); }; |
AuthenticationService.js
1 2 3 4 5 6 7 8 9 10 11 12 13 |
... var sanitizeCredentials = function(credentials) { return { email: $sanitize(credentials.email), password: $sanitize(credentials.password), csrf_token: CSRF_TOKEN }; }; var login = $http.post("/auth/login", sanitizeCredentials(credentials)); |
Encrypt password and token
This will protect against script injections but now you might want to also encrypt you passwords and tokens so they are sent obfuscated. So this is how you might encrypt your username and password with AngularJS.
Todo: add the best way to do this… any ideas???
Hi, thanks for this post.. Do you might share code? Please
Thanks