Add Angular security content (#6634)

* add security content

* Update src/data/roadmaps/angular/content/cross-site-scripting@umUX4Hxk7srHlFR_Un-u7.md

* Update src/data/roadmaps/angular/content/security@mm6c7GLQEwoQdAHdAYzGh.md

* Update src/data/roadmaps/angular/content/trusting-safe-values@XoYSuv1salCCHoI1cJkxv.md

---------

Co-authored-by: DrDreo <code@anderas-hahn.at>
Co-authored-by: Kamran Ahmed <kamranahmed.se@gmail.com>

src/data/roadmaps/angular/content/cross-site-scripting@umUX4Hxk7srHlFR_Un-u7.md

@@ -1 +1,11 @@
-# Cross-site Scripting
+# Cross-site Scripting
+
+Cross-site scripting (XSS) enables attackers to inject malicious code into web pages. Such code can then, for example, steal user and login data, or perform actions that impersonate the user.
+This has been one of the biggest web security vulnerabilities for over a decade.
+
+To systematically block XSS bugs, Angular treats all values as untrusted by default. When a value is inserted into the DOM from a template binding, or interpolation, Angular sanitizes and escapes untrusted values.
+
+Visit the following resources to learn more:
+
+- [@official@Angular Official Docs - Preventing cross-site scripting (XSS)](https://angular.dev/best-practices/security#preventing-cross-site-scripting-xss)
+- [@article@Mitigate cross-site scripting (XSS)](https://web.dev/articles/strict-csp)

src/data/roadmaps/angular/content/sanitization@cgI9oeUHufA-ky_W1zENe.md

@@ -1 +1,13 @@
-# Sanitization
+# Sanitization
+
+Sanitization is the inspection of an untrusted value, turning it into a value that's safe to insert into the DOM. In many cases, sanitization doesn't change a value at all. Sanitization depends on context: A value that's harmless in CSS is potentially dangerous in a URL.
+
+Angular sanitizes untrusted values for HTML and URLs. Sanitizing resource URLs isn't possible because they contain arbitrary code. In development mode, Angular prints a console warning when it has to change a value during sanitization.
+
+Interpolated content is always escaped —the HTML isn't interpreted and the browser displays angle brackets in the element's text content.
+
+For the HTML to be interpreted, bind it to an HTML property such as `innerHTML`. Be aware that binding a value that an attacker might control into `innerHTML` normally causes an XSS vulnerability.
+
+Visit the following resources to learn more:
+
+- [@official@Angular Official Docs - Sanitization and security contexts](https://angular.dev/best-practices/security#sanitization-and-security-contexts)

src/data/roadmaps/angular/content/security@mm6c7GLQEwoQdAHdAYzGh.md

@@ -1 +1,8 @@
-# Security
+# Security
+
+This topic describes Angular's built-in protections against common web-application vulnerabilities and attacks such as cross-site scripting attacks. It doesn't cover application-level security, such as authentication and authorization.
+
+Visit the following resources to learn more:
+
+- [@official@Angular Official Docs - Security](https://angular.dev/best-practices/security)
+- [@official@Open Web Application Security Project (OWASP)](https://owasp.org/)

src/data/roadmaps/angular/content/trusting-safe-values@XoYSuv1salCCHoI1cJkxv.md

@@ -1 +1,7 @@
-# Trusting Safe Values
+# Trusting Safe Values
+
+Sometimes applications genuinely need to include executable code, display an `<iframe>` from some URL, or construct potentially dangerous URLs. To prevent automatic sanitization in these situations, tell Angular that you inspected a value, checked how it was created, and made sure it is secure. Do be careful. If you trust a value that might be malicious, you are introducing a security vulnerability into your application. If in doubt, find a professional security reviewer.
+
+Visit the following resources to learn more:
+
+- [@official@Angular Official Docs - Trusting safe values](https://angular.dev/best-practices/security#trusting-safe-values)