From c107852127ead0c4f42d1616e6a12959605ef68a Mon Sep 17 00:00:00 2001
From: tomer-mobb <132216976+tomer-mobb@users.noreply.github.com>
Date: Tue, 23 Jan 2024 20:52:08 +0700
Subject: [PATCH 1/2] Update xss-example.js
---
 xss-example.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xss-example.js b/xss-example.js
index c39e9a03c..eee8ab517 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -4,4 +4,5 @@
 var urlParams = new URLSearchParams(window.location.search);
 var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
-unsafe_div.innerHTML = "Hello to you ";
+// here's an XSS:
+unsafe_div.innerHTML = "Hello to you " + username;
From 18887c04e1c716d5fc70fa74c74a9d96e3695eea Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Wed, 24 Jul 2024 21:54:47 +0000
Subject: [PATCH 2/2] XSS fix by mobb-a4f7e9da-b384-4f4f-aa35-4aad3144d0fd
---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xss-example.js b/xss-example.js
index eee8ab517..7f0f91d40 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -5,4 +5,4 @@
 var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.innerHTML = "Hello to you " + username;
+unsafe_div.textContent = "Hello to you " + username;
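Review bot: The context comment `// here's an XSS:` directly above the new `unsafe_div.textContent = ...` line is now false — the `innerHTML` sink it described is gone, and a later reader will either distrust the fix or "clean up" the line back into markup insertion. Replace it with a comment that records why the safe sink was chosen, e.g. `// username is attacker-controlled (query string); textContent renders it as literal text, never parsed as HTML`, and consider renaming `unsafe_div` for the same reason. The `textContent` assignment itself is a correct DOM-XSS fix for this sink: the string is inserted as a text node, so `<script>` or event-handler payloads in `?username=` are displayed, not executed. Two pre-existing edge cases are untouched and worth a follow-up outside this hunk: `urlParams.get('username')` returns `null` when the parameter is absent, so the page shows "Hello to you null" (`?? ''` on that line would fix it), and `getElementById` returning `null` would throw on the assignment. The script's head (the `URLSearchParams` construction) lies outside this hunk.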