Menu
I new in Angular and I try to understand:
The directive @ViewChild have any use without Elementref?
Elementref access to DOM direcly? or to Virtual DOM?
Why angular team say: "Permitting direct access to the DOM can make your application more vulnerable to XSS attacks." That mean Vanila JS is danger due the claim: JavaScript access DOM?
387
ViewChild is a property decorator that helps you to inject a reference to a component, or to a DOM reference.
In your case, you're concern about the latter. ElementRef wraps a reference to the DOM element.
Angular provides tools for DOM manipulation - such as Renderer - with built-in sanitization mechanisms, if you use ElementRef to modify the DOM, you need to handle your own sanitization mechanism (because you bypass Angular DOM sanitization) in order to avoid XSS Attacks. If you don't modify the DOM, you're safe by design.
147
answered Sep 10 '25 09:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
