the below code added in the source is not detected as a vulnerability.
const rootEl = document.getElementById('root');
const queryParams = new URLSearchParams(document.location.search);
const input = queryParams.get("input");
rootEl.innerHTML = input;
used default sonarway builtin quality profile.
Thank you very much for your Feedback and welcome to our community!
I am sorry, but I can not reproduce this behavior. Here you can see that your provided code example does raise an issue on SonarCloud:
Can you double-check if you set any specific configurations for your scan/project?
Thanks again for your report!