function Script(url){
var oScript = document.createElement('script');
oScript.type = 'text/javascript';
oScript.src = url;
$("head").html(oScript);
}
fortify扫描到oScript.src = url;这一行提示,Open Redirect
Cross-Site Scripting: DOM (Input Validation and Representation, Data flow)
http://blog.csdn.net/z69183787/article/details/34433939
<a>aa<a/>
解决了么?