User controllable script source

  • The <strong>src</strong> parameter for one <strong>script</strong> tag from this page is dirrectly controlled by user input. An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.
  • Your script should properly sanitize user input. Do not allow user-input to control script source location references.