How does Angular (2) handle XSS and CSRF? Does it even handle these attacks? If so, what do I have to do to use this protection? If not, do I have to handle all these attac
The following is a brief guide on how CSRF is handled in a backend/server-side implementation when using Spring Boot.
The CSRF token can be associated either with the HttpSession or with a cookie.
To handle it as a cookie, we may pass:
.csrfTokenRepository(new CookieCsrfTokenRepository())
To handle it as an HttpSession, we may pass:
.csrfTokenRepository(new HttpSessionCsrfTokenRepository())
We can even have a custom CSRF token repository by implementing CsrfTokenRepository, in case we need to skip specific URLs and so on.
All of the above can be used when overriding the configure method of WebSecurityConfigurerAdapter.
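The configuration described in the answer above, written out as a complete class; this is an added example, not part of the original answer. It assumes a Spring Security version that still ships WebSecurityConfigurerAdapter, and the class name `SecurityConfig` and the exempted path `/api/webhooks/**` are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

// Hypothetical class name; any @Configuration class extending the adapter works.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                // Cookie-backed token. Spring writes the token to an XSRF-TOKEN
                // cookie and expects it back in the X-XSRF-TOKEN request header,
                // which are the names Angular uses by default.
                // A repository created with "new CookieCsrfTokenRepository()"
                // marks the cookie HttpOnly, so script in the page cannot read
                // it; withHttpOnlyFalse() lets the Angular client copy the
                // value into the header.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())

                // Session-backed alternative: the token lives in the HttpSession
                // and has to reach the client some other way (for example
                // rendered into the page).
                // .csrfTokenRepository(new HttpSessionCsrfTokenRepository())

                // Built-in way to exempt specific URLs from the CSRF check
                // without writing a custom repository. The path is a
                // hypothetical example; exempt only endpoints that authenticate
                // requests by other means, never cookie-authenticated ones.
                .ignoringAntMatchers("/api/webhooks/**")
            .and()
            .authorizeRequests()
                // CSRF protection matters for requests that carry the session
                // cookie, so keep state-changing endpoints authenticated.
                .anyRequest().authenticated();
    }
}
```

The cookie made readable here holds only the CSRF token; the session cookie itself should stay HttpOnly.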