User controllable tag parameter


An attacker can control one or more parameter values of a sensitive HTML tag (e.g. link href). In some conditions this can cause security issues such as XSS (cross-site scripting).


Your script should properly sanitize user input. Do not allow user-input to fully control important parameter tag values.