angular-securitylisted
Install: claude install-skill hlsitechio/claude-skills-security
# Angular Security Audit
Audit Angular applications for framework-specific vulnerabilities. Covers Angular 14+ (modern), with notes on older.
## When this skill applies
- Reviewing Angular components for XSS
- Auditing DomSanitizer usage
- Reviewing route guards and authorization
- Checking HttpClient interceptors and CSRF setup
- Reviewing environment files for secret leakage
## Workflow
Follow `../_shared/audit-workflow.md`.
### Phase 1: Stack detection
```bash
grep -E '"@angular/core":' package.json
ng version 2>/dev/null
find . -name 'angular.json' -not -path '*/node_modules/*'
```
### Phase 2: Inventory
```bash
# XSS bypass sinks
grep -rn 'bypassSecurityTrust' src/
# innerHTML bindings
grep -rn '\[innerHTML\]' src/
# Route guards
grep -rn 'CanActivate\|CanLoad\|CanMatch\|canActivate' src/
# Interceptors
grep -rn 'HttpInterceptor\|provideHttpClient' src/
# Environment files
find src -name 'environment*.ts'
```
### Phase 3: Detection — the checks
#### DomSanitizer bypass
Angular auto-escapes interpolation. The bypass is `DomSanitizer.bypassSecurityTrust*`:
- **ANG-XSS-1** Every `bypassSecurityTrustHtml`, `bypassSecurityTrustScript`, `bypassSecurityTrustStyle`, `bypassSecurityTrustUrl`, `bypassSecurityTrustResourceUrl` reviewed. The "bypass" name is the warning.
- **ANG-XSS-2** Bypassed content from user input → Critical. Use `sanitize` instead of `bypassSecurityTrust*` unless the content is genuinely trusted.
```ts
// BAD
this.trustedHtml = this.sanitizer