
Do not bypass Angular's built-in sanitization (no-angular-bypass-sanitizer)

Calls to bypassSecurityTrustHtml, bypassSecurityTrustScript and similar methods bypass DomSanitizer in Angular and need to be reviewed.

Sanitization should be disabled only in very rare and justifiable cases, after careful review, so that the risk of introducing a Cross-Site Scripting (XSS) vulnerability is minimized.

The issue is well described in the official DomSanitizer documentation. Also see the Angular Security Guide for more details.
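
To show what a review of these calls looks for, here is an added example (not the rule's own implementation, which is not shown on this page): a regex-based scan that lists every call to one of DomSanitizer's five bypass methods and marks whether the trusted value is a constant string or built at runtime. The names findBypassCalls, Finding and SAMPLE are hypothetical, the sample source is constructed, and ranking runtime values first is an assumption about review order.

```typescript
// Added example: a regex-based review aid, not the ESLint rule's implementation.
// Matches a call to one of DomSanitizer's five bypass methods. Group 2 is set
// only when the sole argument is a single quoted string literal.
const BYPASS_CALL =
  /\.\s*(bypassSecurityTrust(?:Html|Style|Script|Url|ResourceUrl))\s*\(\s*((?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')\s*\))?/g;

// Matches string literals (group 1, kept as-is) or comments (blanked out).
const STRING_OR_COMMENT =
  /("(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|`(?:\\.|[^`\\])*`)|\/\*[\s\S]*?\*\/|\/\/[^\n]*/g;

interface Finding {
  line: number;         // 1-based line where the call starts
  method: string;       // bypass method being called
  constantArg: boolean; // false means the trusted value is built at runtime
}

function findBypassCalls(source: string): Finding[] {
  // Overwrite comments with spaces so offsets and line numbers are preserved.
  const code = source.replace(STRING_OR_COMMENT, (m: string, str?: string) =>
    str !== undefined ? m : m.replace(/[^\n]/g, " "));
  const findings: Finding[] = [];
  BYPASS_CALL.lastIndex = 0;
  let m: RegExpExecArray | null;
  while ((m = BYPASS_CALL.exec(code)) !== null) {
    const line = code.slice(0, m.index).split("\n").length;
    findings.push({ line, method: m[1], constantArg: m[2] !== undefined });
  }
  return findings;
}

// Constructed sample: fragment of an Angular component, not from a real project.
const SAMPLE = [
  "export class ProfileComponent {",
  "  constructor(private s: DomSanitizer) {}",
  "  // old: this.s.bypassSecurityTrustScript(code)",
  "  bio = this.s.bypassSecurityTrustHtml(this.route.snapshot.params.bio);",
  "  badge = this.s.bypassSecurityTrustHtml('<b>Beta</b>');",
  "  video = this.s.bypassSecurityTrustResourceUrl(",
  "    'https://example.com/embed/' + this.videoId);",
  "}",
].join("\n");

for (const f of findBypassCalls(SAMPLE)) {
  const priority = f.constantArg ? "constant value" : "runtime value, review first";
  console.log(`line ${f.line}: ${f.method} (${priority})`);
}
```

The scan works on text, so a method name that appears inside a string literal is also reported; treat the output as a list of places to review, not as a verdict.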