Lab: DOM XSS in innerHTML sink using source location.search