We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags.  James talks about this unique ability and how to protect your applications from it. 

The related blog post for this can be found at https://www.developsec.com/2017/09/06/javascript-in-an-href-or-src-attribute/

Want to listen on YouTube?  Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

Join the conversations.. join our slack channel.  Email [email protected] for an invitation.

DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.

Send us a text

For more info go to https://www.developsec.com or follow us on X (@developsec).

The DevelopSec podcast is brought to you by Jardine Software Inc.