Reverse DOM XSS

I recently came up with an idea about how to exploit a DOM XSS vulnerability that might be worth sharing here, so others can use this trick, adapt it and defeat some poor filters with a little JavaScript and some creativity. During an engagement I found a piece of code similar to this one:

<a href="#" onclick="goToWebsite(this, 'url', '/ShowInfo.php?id=[INJECTION]&category=CARS');">

The code behind goToWebsite was something like this:

function goToWebsite(e,…