科技回声 (Tech Echo)

Stealing Bearer Tokens with an Angular Expression Injection

10 points by ryhanson, over 9 years ago

4 comments

mikelarned, over 9 years ago
It looks like this is only possible when we are mixing server side / client side templates? Enter an expression into input, a user hard refreshes and the expression is rendered into our angular template. Are there any good approaches to always scrubbing expression input on the server side (or just avoid the client side / server side template mix?)
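
An added example, not part of the thread or the linked article: one server-side approach to the question mikelarned raises, assuming an AngularJS 1.x page that uses the default `{{ }}` delimiters. It HTML-escapes reflected text and wraps it in `ng-non-bindable` so the client-side compiler skips it; the function names and sample strings are constructed for illustration.

```javascript
// Server-side rendering of untrusted text into a page AngularJS will later compile.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Weak: HTML-escaping blocks tag injection, but "{{ }}" is ordinary text to the
// browser, so it reaches the AngularJS compiler unchanged and is evaluated.
function renderEscapedOnly(userText) {
  return `<p>${escapeHtml(userText)}</p>`;
}

// Hardened: the escaped text sits inside an element marked ng-non-bindable, which
// tells AngularJS not to compile or interpolate that subtree. Escaping is still
// required so the input cannot close the wrapper element and escape from it.
function renderNonBindable(userText) {
  return `<p ng-non-bindable>${escapeHtml(userText)}</p>`;
}

// Rough test helper (assumption: flat fragments like the ones produced above).
// Returns true when interpolation markers remain outside an ng-non-bindable element.
function hasBindableInterpolation(html) {
  const outside = html.replace(
    /<(\w+)[^>]*\bng-non-bindable\b[^>]*>[\s\S]*?<\/\1>/g, '');
  return /\{\{[\s\S]*?\}\}/.test(outside);
}

// Constructed sample inputs: a harmless expression, and the same expression
// preceded by an attempt to close the wrapper element.
const SAMPLES = ['{{ 1 + 1 }}', '</p><p>{{ 1 + 1 }}'];

function audit() {
  return SAMPLES.map((input) => ({
    input,
    escapedOnlyExposed: hasBindableInterpolation(renderEscapedOnly(input)),
    nonBindableExposed: hasBindableInterpolation(renderNonBindable(input)),
  }));
}

console.log(audit());
```
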
rpkelley, over 9 years ago
I bet there are a lot more production angular apps out there than people think that have this vulnerability right now.
bossmojoman, over 9 years ago
Crazy, now to go double check all my angular code
lorenmorris, over 9 years ago
This is a legitimate comment.