Code injection with javascript: URL in JSX

ID

javascript.react_javascript_url

Severity

high

Resource

Injection

Language

JavaScript

Tags

CWE:94, React, asvs50-v1.3.5, asvs50-v1.3.7

Description

Rationale

Remediation

Configuration

The detector has no specific configurable parameters.

References

CWE-94 : Improper Control of Generation of Code ('Code Injection').
OWASP Top 10 2025 - A05 : Injection.