Angular's built-in CookieXSRFStrategy and DomSanitizer classes help protect an application against XSS and CSRF/XSRF.
DomSanitizer removes the dangerous parts of a value in order to prevent an XSS attack.
CookieXSRFStrategy takes care of preventing CSRF/XSRF attacks.
CSRF/XSRF protection is enabled by default on the client but only works if the backend sets a cookie named XSRF-TOKEN with a random value when the user authenticates.