I sanitize a string in Angular like so:
var sanitized = $sanitize($scope.someHtml);
This works well if the user tries to enter malign HTML/JavaScript on the application screen.
But if the user presses F12 and sends an HTTP request to the server directly, bypassing the UI code and without sanitizing the string, the server will take it. Is there a way to run sanitize on the server side as well? I'm using Scala/Java.
Take a look at Jsoup, a Java lib (that you can easily use with Scala) for HTML parsing, DOM manipulations, and so on.
The given link explains how to clean a document using a Whitelist (so that only the specified elements/tags are accepted).
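Worked example of the server-side cleaning the answer above points at. This is added illustration code, not code from the answerer or from the jsoup project; it assumes jsoup (Maven coordinate org.jsoup:jsoup) is on the classpath, and it uses `Safelist`, which is the name jsoup gave the `Whitelist` class from version 1.14.1 onwards (older versions spell it `Whitelist` with the same methods). The class name `HtmlSanitizer`, the base URI and the sample payload are made up for the example. Being plain Java, it is callable unchanged from Scala.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/**
 * Server-side HTML sanitisation with jsoup (hypothetical helper class written for this
 * example). Jsoup and Safelist are jsoup's own classes; Safelist was called Whitelist
 * before jsoup 1.14.1.
 */
public final class HtmlSanitizer {

    // Policy: simple formatting plus links. Safelist.basic() allows tags such as
    // a, b, i, em, strong, p, ul, ol, li, blockquote, code and pre, permits only
    // http/https/ftp/mailto URLs in <a href>, and forces rel="nofollow" on every link.
    // Everything not listed (script, img, iframe, on* handlers, style, ...) is dropped.
    private static final Safelist POLICY = Safelist.basic()
            // Example extension: also accept headings, nothing else beyond basic().
            .addTags("h1", "h2", "h3");

    private HtmlSanitizer() {}

    /** Returns a cleaned copy of untrusted HTML: disallowed tags and attributes are removed. */
    public static String clean(String untrustedHtml) {
        // The base URI (assumed value) lets relative hrefs be resolved to absolute ones
        // before the protocol check; with no base URI every relative link would be stripped.
        return Jsoup.clean(untrustedHtml, "https://app.example.invalid/", POLICY);
    }

    /** True if the HTML already satisfies the policy, i.e. cleaning would not change it. */
    public static boolean isAcceptable(String untrustedHtml) {
        return Jsoup.isValid(untrustedHtml, POLICY);
    }

    public static void main(String[] args) {
        // Constructed sample: the kind of body a client can POST by skipping $sanitize.
        String payload = "<p>Hello <b>world</b></p>"
                + "<script>alert(document.cookie)</script>"
                + "<img src=x onerror=\"alert(1)\">"
                + "<a href=\"javascript:alert(1)\">click</a>"
                + "<a href=\"https://example.com\" onclick=\"steal()\">ok</a>";

        System.out.println(isAcceptable(payload)); // false: the payload violates the policy
        System.out.println(clean(payload));
        // What the cleaned output contains:
        //  - <p> and <b> are kept
        //  - <script> is removed together with its contents
        //  - <img ... onerror> is removed entirely (img is not in basic())
        //  - the javascript: href is stripped, leaving <a rel="nofollow">click</a>
        //  - onclick is stripped and rel="nofollow" is added to the https link
    }
}
```

Two practical points: run `clean` on the server for every field that is later rendered as HTML, regardless of what the Angular side did, since the client-side `$sanitize` call is advisory at best; and consider using `isAcceptable` to reject the request (HTTP 400) instead of silently storing an altered value, so a bypass attempt shows up in your logs rather than disappearing into a cleaned string.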