From 27d19813f8ea60ff0021516395c4f614930762ec Mon Sep 17 00:00:00 2001
From: Vunnm <58368396+Vunnm@users.noreply.github.com>
Date: Thu, 28 Dec 2023 13:30:49 +0100
Subject: [PATCH] specify condition to perform Angular JS Injection

Indicate that ng-app in a root element is needed to inject Angular JS template. Injecting below payload without a root element with ng-app will not result in a successful injection
---
 XSS Injection/XSS in Angular.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/XSS Injection/XSS in Angular.md b/XSS Injection/XSS in Angular.md
index effb406..d7734a6 100644
--- a/XSS Injection/XSS in Angular.md	
+++ b/XSS Injection/XSS in Angular.md	
@@ -6,6 +6,8 @@ The following payloads are based on Client Side Template Injection.
 
 ### Stored/Reflected XSS - Simple alert in AngularJS
 
+`ng-app` directive must be present in a root element to allow the client-side injection (cf. [AngularJS: API: ngApp](https://docs.angularjs.org/api/ng/directive/ngApp)).
+
 > AngularJS as of version 1.6 have removed the sandbox altogether
 
 AngularJS 1.6+ by [Mario Heiderich](https://twitter.com/cure53berlin)