User controllable tag parameter

  • An attacker can control one or more parameter values of a sensitive HTML tag (e.g. link href). In some conditions this can cause security issues such as XSS (cross-site scripting).
  • Your script should properly sanitize user input. Do not allow user-input to fully control important parameter tag values.