xss4.html

<html><body>

Mighty <div id='namediv'></div>, compose your email now:

<form>To: <input type='text'></input><br>                                                                                                          
  Subject: <input type='text'></input><br>                                                                                                           
  Content: <textarea></textarea><br>                                                                                                                 
  <input type="button" value="Send!"/>                                                                                                               
</form>

<script>
  var urlparser = new URLSearchParams(window.location.search);
  document.getElementById('namediv').innerHTML = urlparser.get('name');
</script>

</body></html>