Found usage of deprecated javascript: URLs JS-0421

URLs starting with javascript: are a dangerous attack surface because it's easy to accidentally include the unsanitized output in a tag like <a href> and create a security hole for XSS. The developers can use the React event handlers e.g. onChange, onClick etc.

Bad Practice

<a href="javascript:"></a>
<a href="javascript:void(0)"></a>

Recommended

<a href="https://www.website.com">text</a>
<div onClick={handleClick}></div>

References

• Deprecating javascript: URLs