The IT department here where I work ran a Network Vulnerability Assessment Report on which appeared several unresolvable local links. The JavaScript code associated with this link is for a pop-up page and the function call is made within the href command. Like this:

<a href "JavaScript:AnytimeWindow('LivePerson.htm')">

The code is good and the links are not broken or dead.

Is anyone familiar with this problem? The IT department has yet to disclose what program they used to come up with this Vulnerability Assessment, but generally do you think the program should have some setting that won't flag all those JavaScripts?

There is a note on the report that "This issue does not indicate a serious vulnerability, and is only noted as a courtesy." but the Executive Vice President in charge of IT wants me to change all those scripts anyway.

I'm looking at making 1,000's of changes in script to appease this program.

Any advice or inside knowledge you can lend about vulnerability assessment programs or the actual risk involved, if any, when using this particular JavaScript code would be greatfully accepted.