Javascript vulnerability detection

the below code added in the source is not detected as a vulnerability.

const rootEl = document.getElementById('root');
const queryParams = new URLSearchParams(;
const input = queryParams.get("input");
rootEl.innerHTML = input;

used default sonarway builtin quality profile.

Hello Praveen!

Thank you very much for your Feedback and welcome to our community!

I am sorry, but I can not reproduce this behavior. Here you can see that your provided code example does raise an issue on SonarCloud:

Can you double-check if you set any specific configurations for your scan/project?

Thanks again for your report!

Kind regards,