UPDATE: This is a summary of XSS without HTML: Client-Side Template Injection with AngularJS. Previously the citation was in the middle of the document and difficult to find. The goal of the summary is to present the exploit and a fix without all the nuances, not to claim the work as my own.

Introduction

AngularJS is a popular JavaScript framework that allows embedding expressions within double curly braces. For example, the expression 1+2={{1+2}} will render as 1+2=3.

This means that if the server echos out user input that contains double curly braces, the user can perform a XSS exploit using…

Welcome to another installation of This Week in Spring! Here we are, already staring at the second month of the year and, boy!, are things getting exciting! I'm about to start hitting the road again and I'd love to talk to you and your organization if you're near any of the following places and events in February:

• Microchg Conf
• JFokus
• Devnexus
• Hatford, Connecticut (around 17/2/2016)
• Confoo
• Shanghai (around 26/2/2016)

Anyway, without further ado, let's get into it!

• our own Paul Chapman chimes in on the updated courseware available for developers who want to learn about Spring
• there are (finally!) new guides available on using Spring Cloud: routing and filtering using the Netflix Zuul microproxy library and Spring Cloud, centralized configuration with the Spring Cloud Config Server, the circuit breaker design pattern, and service registration and discovery using Spring Cloud's DiscoveryClient abstraction and Spring Cloud's integration of Netflix Eureka. Stay tuned, we've got more in the pipeline!
• Spring Boot lead Phil Webb just announced the release of 1.3.2…

This blog has been updated -- see here.

More Information

For more information and to view our complete portfolio of Application Framework, Cloud Native and Big Data Suite classes, visit us at the Pivotal Academy.

Welcome to another installment of This Week in Spring! What a week it's been! Last week saw me visit St. Louis to speak to some customers and deliver a talk at a meetup with my pal Mark Heckler

• check out this post on using Spring Boot with the Wicket web framework
• Nice, quick post on using Spring Boot with MongoDB
• I love this post: it shows how to use Spring Cloud's Config Server with Groovy. Is that a big deal? NO! It's an incredibly tiny, concise, expressive deal! What a wollup!
• I hope you'll join my pal Kenny Bastani for a webinar as he looks at how to use Spring Boot and Neo4J to create a page rank algorithm later this month
• Join Spring Data lead Oliver Gierke as he reviews the latest and greatest in Spring Data in this webinar
• Check out test-obsessed …

Welcome to another installation of This Week in Spring! Today, I spoke at the San Francisco JUG to a packed room and now I'm off to St. Louis for a day of customer meetings. Lots of great stuff to look at as we kick off the new year so let's get to it!

• Check out Spring Integration contributor Artem Bilan's post on the latest-and-greatest on Spring Integration including the debut of a new Spring Integration extension supporting zipping and unzipping of messages in flight.
• the EuregJUG Maas-Rhine published a post on its site about.. the site! Which is all Spring Boot. Check it out.
• Check out the replay of Andy Wilkinson's SpringOne2GX 2015 talk on documenting REST APIs with Spring REST Docs
• Check out the replay of Fatima Casau's SpringOne2GX 2015 talk on using Spring Boot and Groovy
• Marius Bogoevici's SpringOne2GX 2015 talk on stream processing …

Welcome to another installment of This Week in Spring and welcome back from what I hope was a restive, fun new year!

This week, we mark the fifth anniversary of This Week in Spring which Adam Fitzgerald and I started (based on some discussion with Keith Donald in January 2011) fresh from the 2010 holidays.

Since then I've done my level-headed best to publish it every week (no exceptions! no missed weeks!) before midnight in Hawaii on Tuesday, every week, no matter what timezone I find myself in for that week! The world's a big place, so from the perspective of someone sitting in, say, New York City, it may seem sometimes like this blog goes up midday Monday (00:00AM in various Asian countries) or early morning Wednesday (23:59 in Hawaii) - that's a lot of variability! But I assure, you it's always…

Welcome to my first blog post as a Spring Cloud team member :)

It's been a month since I joined and it's worth to share some of the interesting things that took place during that time.

If you've been reading any of my posts at my Too Much Coding blog then you know that I'm crazy about two things - testing and microservices. Since all that I do at the moment is microservice related today's post will be about testing.

The Spring Cloud projects

When I joined Spring Cloud team I did a quick scan of the Github and it turned out that we have quite a few projects to govern including:

• Spring Cloud Netflix (including Eureka Discovery Service and Registry, Hystrix, Feign and RIbbon support)
• Spring Cloud Zookeeper
• Spring Cloud Consul
• Spring Cloud Sleuth
…

Welcome to another installment of This Week in Spring where, with 2016 just around the corner, we'll look at some interesting news from the last week and we'll take a moment to review another amazing year in the Spring and Pivotal ecosystem.

Now let's look at an short-and-sweet list of the latest-and-greatest from the last week:

• Got a Amazon.com gift card burning a hole in your pocket from the holidays? Well, fret not, I've got just the thing for you! At long last, Spring legend Craig Walls' epic Spring Boot in Action is available! Get it while it's hot! GO GO GO!
• Netflix's Genie, which is a job scheduling and resource management layer for big-data jobs based on Spring Boot has just recently cut over from Swagger to Spring REST Docs
• Christoph Burmeister put together an introduction to building a fullstack web application with Spring Boot
• This Portuguse-language post looks at starting a new project …

Welcome to another installment of This Week in Spring! This week, many of us will be off for the Christmas holiday. If you celebrate, then let me wish you the Merriest of Christmases from our team. If you don't celebrate, we'll see you next week as we look at our annual This Year in Spring! and welcome 2016!

Holiday or not, there's a lot of great stuff to read this week so let's get to it!

1. If you're using Spring Cloud Eureka and Jersey you may run into issues because Eureka itself uses Jersey 1.x where as Spring Boot's Jersey support is based on Jersey 1. Read how Aleksandar Stoisavljevic solved it
…