htmlangularsecurity

Why does angular add ng-version attribute to the app-root html tag


Today, I noticed that Angular adds its version information in the app-root as following:

<app-root _nghost-c0="" ng-version="5.2.0">

And even when I build in the production environment, it seems to be present. I don't know what's the main goal for adding that information there ? Isn't it a security issue to show the angular version publicly ? Thanks


Solution

  • Angular uses this attribute to tag the element that was used to bootstrap the application.

    See also https://github.com/angular/angular/commit/a4de214e2be5048f1261d043cc467a5ecaa5c909

    Hiding it would only be security by obscurity which is not security.