What's the best way to prevent XSS attacks in an AngularJS app? I've used $sanitize before sending it to a rest service call and I'm still getting errors from our security team that the app isn't secure. The call is something along the lines of:
http://somesite.com/search?dateFrom='%22()%26%25<acx><ScRiPt%20>prompt(961193)</ScRiPt>&dateTo=20141231&code=5900
But this is supposed to be a POST call. I'm not sure why the security scan is still producing errors. Is this something that must be fixed server side? I have a validation in my input fields using directives to prevent users from inputting invalid characters like <, >, etc. So I have no clue as to how the scan is producing those errors...
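
An added example, not part of the original post: the scan request above is sent straight to the endpoint, so it never passes through the page's `$sanitize` call or input directives, and the same checks have to exist where the request is received. The sketch below re-validates the three query parameters and HTML-encodes anything echoed back; the parameter formats (8-digit dates, numeric code) are assumptions inferred from the sample values, and the function names are hypothetical.

```javascript
// Added example. SCAN_URL is the request quoted in the post; everything else is illustrative.
const SCAN_URL = "http://somesite.com/search?dateFrom='%22()%26%25<acx><ScRiPt%20>prompt(961193)</ScRiPt>&dateTo=20141231&code=5900";

// Allow-list per parameter (assumed formats, inferred from dateTo=20141231 and code=5900).
const RULES = {
  dateFrom: /^\d{8}$/,
  dateTo: /^\d{8}$/,
  code: /^\d{1,10}$/,
};

// HTML-encode a value before it is written into any HTML response.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Validate the decoded query parameters as the receiving endpoint would,
// independent of anything the AngularJS client did before sending.
function validateSearchQuery(rawUrl) {
  const params = new URL(rawUrl).searchParams;
  const errors = [];
  const clean = {};
  for (const [name, pattern] of Object.entries(RULES)) {
    const value = params.get(name);
    if (value === null || !pattern.test(value)) {
      errors.push(name);
    } else {
      clean[name] = value;
    }
  }
  return { ok: errors.length === 0, errors, clean };
}

// Build an error message that is safe to place in an HTML page:
// rejected values are encoded, never reflected raw.
function renderRejection(rawUrl) {
  const params = new URL(rawUrl).searchParams;
  return validateSearchQuery(rawUrl).errors
    .map(n => `Invalid ${n}: ${escapeHtml(params.get(n) ?? '(missing)')}`)
    .join('\n');
}

console.log(validateSearchQuery(SCAN_URL));
console.log(renderRejection(SCAN_URL));
```

The same allow-list applies unchanged if the endpoint only accepts POST: the fields are then read from the request body instead of the query string.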