function Script(url){
var oScript = document.createElement('script');
oScript.type = 'text/javascript';
oScript.src = url;
$("head").html(oScript);
}
fortify扫描到oScript.src = url;这一行提示,Open Redirect
Cross-Site Scripting: DOM (Input Validation and Representation, Data flow)