SOURCE
location.search
SINK
element.innerHTML
function doSearchQuery(query) {document.getElementById('searchMessage').innerHTML = query;}var query = (new URLSearchParams(window.location.search)).get('search');if (query) {doSearchQuery(query);}
SOURCE
location.search
SINK
document.write(
function trackSearch(query) {document.write('<img src="/resources/images/tracker.gif?searchTerms=' + query + '">')}var query = (new URLSearchParams(window.location.search)).get('search');if (query) {trackSearch(query)}
SOURCE
event.data
SINK
eval()
window.addEventListener('message', function(e) {eval(e.data);});
SOURCE
location.hash
SINK
location
let url = /https?:\/\/.+/.exec(location.hash);if (url) {location = url[0];}
SOURCE
location.hash
SINK
location
goto = location.hash.slice(1)if (goto.startsWith('https:')) {location = goto;}
若有收获,就点个赞吧
0 人点赞
