Angular v13: Best Practices
Angular, together with Vue and React, is one of the three most popular front-end frameworks today, and it is currently based on TypeScript. If you join a front-end team with a modern tech stack, the probability that you will work with Angular is slightly over 30%, according to its market share. Besides being written in TypeScript, Angular is a highly opinionated framework, which means there are fairly strict architectural and technical guidelines that you need to follow to make it work. With that in mind, it is worth looking at the basic guidelines that the Google Angular team recommends following when working on an Angular web application.
Security…
- Stay updated with the latest Angular library releases. Check the Angular change log for security-related updates.
- Avoid Angular APIs marked in the documentation as “Security Risk.” For more information, see the Trusting safe values section of this page.
- Prevent cross-site scripting (XSS) by keeping malicious code from entering your DOM (Document Object Model) through a `<script>` tag or `<a href="javascript:...">`.
- Content Security Policy (CSP) is a defense-in-depth technique against XSS. Configure your web server to return an appropriate Content-Security-Policy HTTP header. Read more here.
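
As an added example (not from the original article or the Angular documentation), the TypeScript below audits a Content-Security-Policy header value for settings that would still let the two vectors named above, inline `<script>` and `javascript:` URLs, execute. The function names and the sample policies are constructed for illustration.

```typescript
// Added example: audit a CSP header value for script-related weaknesses.
type Policy = Map<string, string[]>;

// Parse "name value value; name value" into a map. A repeated directive is
// ignored, matching how browsers keep only the first occurrence.
function parseCsp(header: string): Policy {
  const policy: Policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/).filter((t) => t.length > 0);
    if (name === undefined) continue;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, values);
  }
  return policy;
}

// Return human-readable findings; an empty array means no issue was detected.
function auditCsp(header: string): string[] {
  const policy = parseCsp(header);
  // script-src falls back to default-src when it is absent.
  const sources = policy.get("script-src") ?? policy.get("default-src");
  if (sources === undefined) {
    return ["no script-src or default-src: script loading is unrestricted"];
  }
  const lower = sources.map((s) => s.toLowerCase());
  const has = (token: string): boolean => lower.some((s) => s === token);
  const findings: string[] = [];
  // With a nonce or hash present, browsers ignore 'unsafe-inline' (CSP Level 2+).
  const nonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (has("'unsafe-inline'") && !nonceOrHash) {
    findings.push("'unsafe-inline' permits inline <script> and javascript: URLs");
  }
  if (has("'unsafe-eval'")) {
    findings.push("'unsafe-eval' permits eval() and similar string-to-code APIs");
  }
  if (has("*") || has("https:") || has("http:") || has("data:")) {
    findings.push("wildcard or scheme-only source permits scripts from any host");
  }
  return findings;
}

// Constructed sample policies, from strict to weak.
const samples: string[] = [
  "default-src 'self'; style-src 'self' 'unsafe-inline'",
  "script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'",
  "script-src 'self' 'unsafe-inline'",
  "default-src 'self'; script-src https: 'unsafe-eval'",
];
for (const s of samples) console.log(s, "=>", auditCsp(s));
```

Run it against the header your server actually returns (for example, copied from the browser's network panel) before relying on CSP as a second layer behind Angular's built-in sanitization.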