const url = '${href.split('/').slice(0, -3).join('/')}/entity/id/${id}';
<a className="link" target="_blank" href={url} rel="noreferrer">
checkmarx scan fails with high vulnerablity
The potentially tainted value provided by location is used as a destination URL by href in , potentially allowing attackers to perform an open redirection.
How to fix this ?