SAP Knowledge Base Article - Preview

3470111 - SAP commerce has Disabled Angular built-in sanitization



If the SonarQube Security Hotspots is used for scanning the application code, the vulnerability is detected in :


What is the risk? 

Angular prevents XSS vulnerabilities by treating all values as untrusted by default. Untrusted values are systematically sanitized by the framework before they are inserted into the DOM.

Still, developers have the ability to manually mark a value as trusted if they are sure that the value is already sanitized. Accidentally trusting malicious data will introduce an XSS vulnerability in the application and enable a wide range of serious attacks like accessing/modifying sensitive information or impersonating other users.



SAP commerce 2205 or Higher


SAP Commerce Cloud 2205 ; SAP Commerce Cloud 2211


SAP commerce security, XSS Vulnerability, Angular DOM , KBA , CEC-SCC-COM-SEDIT , SmartEdit , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.