User controllable script source

  • The src parameter for one script tag from this page is dirrectly controlled by user input. An attacker who can control the reference location to a JavaScript source file can load a script of their choice into an application.
  • Your script should properly sanitize user input. Do not allow user-input to control script source location references.