How to Exploit DOM XSS? [closed]


Is it exploitable or not?

Issue detail

The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location and passed to the wrap()‘ function of JQuery via the following statement:

Turbolinks.Location.wrap(window.location)   ("replace",e,t)},e.prototype.onPopState=function(e){var t,n,i,a;return this.shouldHandlePopState()&&(a=null!=(n=e.state)?n.turbolinks:void 0)?(t=Turbolinks.Location.wrap(window.location),i=a.restorationIdentifier,this.delegate.historyPoppedToLocationWithRestorationIdentifier(t,i)):void 0}, 

enter image description here