Translations:DOM-based XSS/23/en

Using user data in a string passed to $1, $2, an object's event handler, or $3 url targets