0

Angular App throwing Cannot match any routes error with XSS script in URL :

I am developing an application in Angular 4. When I am trying to write routes for a feature module, I am getting an error as Error: Cannot match any routes.

Here's the routes code I have used:

const ROUTES: Routes = [ {path: '', redirectTo: '/', pathMatch: 'full'}, {path: 'test/:name', component: TestCompnent}, {path: '**', component: TestCompnent} ];

Routing is working fine and going to the TestCompnent when the route is something like test/angular or test/some-course-name but when I try to inject some XSS script into the same route, such as

test/<script>alert('hello')</script>,

its throwing an error as

Error: Cannot match any routes. URL Segment: ''hello'' Error: Cannot match any routes. URL Segment: ''hello''

Improve this question
2
  • You shouldn't inject XSS script into the route Commented Sep 23, 2019 at 13:35
  • Even for a hacker user, becausse i've got a blanc screen with this fatal error. Commented Sep 23, 2019 at 14:35

1 Answer 1

Reset to default
0

That is expected and wanted behavior, since XSS is a major vulnarability for most services. Therefor the guys and girls over at Google did their best to disable them. Docs

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for your response, Therefore, is there any solution to redirect to home page or another page, because when i got this error i have just blanc screen so there is no indication about the state of the application even for a hacker user.
From my experience your wildcard path {{path: '**', redirectTo: ''}} should already do the trick. Maybe this is overwritten by the XSS blocking behaviour and should possibly be reported as a bug.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.