[esafwan]

That suddenly makes Angular look scary for some clients. vulnerability that is known to an entity/entities but unknown to the Angular developers or contributors....

[codedokode]

The vulnerability occurs only if you inject Angular into a web page from browser extension in some browsers. There is no vulnerability if you are writing a SPA using Angular.