Dom based xss example

domxss.js

var debug = document.getElementById("subnav")

function _Debug_(p) {
    p = p.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
    var r = new RegExp("[\\?&]" + p + "=([^&#]*)"),
    results = r.exec(location.search);
    return results == null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}

if(location.search){
    debug.innerHTML += _Debug_("param")); 
}