We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags.  James talks about this unique ability and how to protect your applications from it. 

The related blog post for this can be found at https://www.developsec.com/2017/09/06/javascript-in-an-href-or-src-attribute/

Want to listen on YouTube?  Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

Join the conversations.. join our slack channel.  Email [email protected] for an invitation.

DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.

Send us Fan Mail

For more info go to https://www.developsec.com or follow us on X (@developsec).

The DevelopSec podcast is brought to you by Jardine Software Inc.