BurpSuite is flagging some of our files as the JSPs include lines like:
<a href="javascript:;"… or <a href="javascript:void(0);"…
This code is bad practice (inline JavaScript), bad for SEO and acessibility and generally should be dealt with either with a button or by having JavaScript in an external file.
Non-compliant code: <a href="javascript:;">...</a>
Compliant code: <button href="javascript:;">...</buttpn>
Reference: <a>: The Anchor element - HTML: HyperText Markup Language | MDN
Anchor elements are often abused as fake buttons by setting their
hrefto#orjavascript:void(0)to prevent the page from refreshing, then listening for theirclickevents .These bogus
hrefvalues cause unexpected behavior when copying/dragging links, opening links in a new tab/window, bookmarking, or when JavaScript is loading, errors, or is disabled. They also convey incorrect semantics to assistive technologies, like screen readers.Use a
<button>instead. In general, you should only use a hyperlink for navigation to a real URL .