From 88d419a09baa5ef24f2f04e1757b5789c5c6825f Mon Sep 17 00:00:00 2001
From: "J. Degand" <70610011+jdegand@users.noreply.github.com>
Date: Sun, 1 Sep 2024 00:32:27 -0400
Subject: [PATCH] docs(angular): add xssi content (#6925)

---
 ...ross-site-script-inclusion@zd7YJGlcMFNFbsKUiW_XC.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/data/roadmaps/angular/content/cross-site-script-inclusion@zd7YJGlcMFNFbsKUiW_XC.md b/src/data/roadmaps/angular/content/cross-site-script-inclusion@zd7YJGlcMFNFbsKUiW_XC.md
index 535baaa7d..47afc1709 100644
--- a/src/data/roadmaps/angular/content/cross-site-script-inclusion@zd7YJGlcMFNFbsKUiW_XC.md
+++ b/src/data/roadmaps/angular/content/cross-site-script-inclusion@zd7YJGlcMFNFbsKUiW_XC.md
@@ -1 +1,9 @@
-# Cross-site Script Inclusion
\ No newline at end of file
+# Cross-site Script Inclusion
+
+Cross-site script inclusion, also known as JSON vulnerability, can allow an attacker's website to read data from a JSON API. The attack works on older browsers by overriding built-in JavaScript object constructors, and then including an API URL using a `<script>` tag. Angular's HttpClient library recognizes this convention and automatically strips the string ")]}',\n" from all responses before further parsing.
+
+Visit the following resources to learn more:
+
+- [@official@Angular Official Docs - Cross Site Script Inclusion](https://angular.dev/best-practices/security#cross-site-script-inclusion-xssi)
+- [@article@XSSI Cross Site Script Inclusion](https://book.hacktricks.xyz/pentesting-web/xssi-cross-site-script-inclusion)
+- [@article@Testing for Cross Site Script Inclusion](https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/13-Testing_for_Cross_Site_Script_Inclusion)
\ No newline at end of file