// Analysis fixture for DOM-based XSS through jQuery's $() function.
//
// `tainted` is read from document.location.search (annotated `$ Source`),
// so its value comes from the URL. Each `$(...)` call annotated `$ Alert`
// passes a string built from that value: by `+` concatenation, a template
// literal, chained .concat() calls, or Array.prototype.join(). The helpers
// indirection1/indirection2 build the string in a separate function and are
// called with document.location.search.attrs.
// The `// $ Source` / `// $ Alert` markers look like inline expectations for
// a static-analysis test harness. TODO confirm which query they belong to.
//
// Why these are sinks: jQuery's $() treats a string argument that looks like
// markup as HTML to construct, so URL-derived text spliced into that string
// can become elements or attributes. In production code, create the element
// from a constant string and attach the untrusted value with .text().
//
// NOTE(review): this listing is damaged. The string literals contain only
// line breaks, presumably because the markup inside them was stripped during
// extraction. Statements are also collapsed so that each `//` annotation runs
// into the next call, and some calls have more closing than opening
// parentheses. The helper bodies reference `content`, which is not defined in
// the visible code, and show no use of `attrs`. Restore the literals from the
// original fixture before running this file; it does not parse as shown.
function test() { let tainted = document.location.search; // $ Source $("
" + tainted + "
"); // $ Alert $(`
${tainted}
`); // $ Alert $("
".concat(tainted).concat("
")); // $ Alert $(["
", tainted, "
"].join()); // $ Alert $("
"); // $ Alert $(`
`); // $ Alert $("
")); // $ Alert $(["
"].join()); // $ Alert function indirection1(attrs) { return '
' + content + '
'; } function indirection2(attrs) { return '
'.concat(content)).concat('
'); } $(indirection1(document.location.search.attrs)); // $ Alert $(indirection2(document.location.search.attrs)); // $ Alert };