From b1c8011f1ffd885a274c23c86f12f655837218e3 Mon Sep 17 00:00:00 2001
From: glluna <gabrielluna98@hotmail.com>
Date: Mon, 17 Mar 2025 07:47:04 -0300
Subject: [PATCH] =?UTF-8?q?Adicionado=20medidas=20de=20seguran=C3=A7a=20ao?=
 =?UTF-8?q?=20projeto?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/app/services/security.service.spec.ts | 16 +++++++++++++++
 src/app/services/security.service.ts      | 25 +++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 src/app/services/security.service.spec.ts
 create mode 100644 src/app/services/security.service.ts

diff --git a/src/app/services/security.service.spec.ts b/src/app/services/security.service.spec.ts
new file mode 100644
index 00000000..949b6f8d
--- /dev/null
+++ b/src/app/services/security.service.spec.ts
@@ -0,0 +1,16 @@
+import { TestBed } from '@angular/core/testing';
+
+import { SecurityService } from './security.service';
+
+describe('SecurityService', () => {
+  let service: SecurityService;
+
+  beforeEach(() => {
+    TestBed.configureTestingModule({});
+    service = TestBed.inject(SecurityService);
+  });
+
+  it('should be created', () => {
+    expect(service).toBeTruthy();
+  });
+});
diff --git a/src/app/services/security.service.ts b/src/app/services/security.service.ts
new file mode 100644
index 00000000..3ad91433
--- /dev/null
+++ b/src/app/services/security.service.ts
@@ -0,0 +1,25 @@
+import { Injectable } from '@angular/core';
+import { DomSanitizer, SafeHtml } from '@angular/platform-browser';
+import { HttpHeaders } from '@angular/common/http';
+
+@Injectable({
+  providedIn: 'root'
+})
+export class SecurityService {
+  constructor(private sanitizer: DomSanitizer) {}
+
+  // Sanitiza HTML para evitar XSS
+  sanitizeHtml(content: string): SafeHtml {
+    return this.sanitizer.bypassSecurityTrustHtml(content);
+  }
+
+  // Retorna headers seguros para requisições HTTP
+  getSecureHeaders(): HttpHeaders {
+    return new HttpHeaders({
+      'Content-Security-Policy': "default-src 'self'",
+      'X-Content-Type-Options': 'nosniff',
+      'X-Frame-Options': 'DENY',
+      'X-XSS-Protection': '1; mode=block'
+    });
+  }
+}