⬇ Security Benefits (for coding nerds)
- ☑ Angular has visible and attainable security guidelines, a
security contact and a responsible disclosure policy, all of
which are missing from the React project. - ☑ Angular has broader built-in support for data sanitization and
output encoding in different contexts such as URL attributes
in HTML anchor (or, link) elements. - ☑ React doesn’t have built-in controls for data sanitization, but
rather encodes output by default in most cases and leaves it
up to developers to address unhandled cases such as refs and
URL attributes (the latter of which is addressed in the React
v16.9.0 release). - ☑ Angular includes support for Cross-Site Request Forgery
(CSRF) vulnerabilities with a built-in security mechanism
in its HTTP service. React developers need to address these
issues independently.
For complete details, please visit angular.io
Return to ONELIGHT Home
