What's a Sink in Application Security?

A sink is a function or method that is potentially dangerous when it is called unexpectedly, or when one of its arguments comes from untrusted input and is not correctly escaped for the layer the function communicates with.

The jQuery Sink

Suppose we have the following code:

    var aVar = location.hash;  // untrusted input: the URL fragment
    jQuery(aVar);              // sink: the untrusted string is passed to jQuery() unescaped

By looking a
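One way to keep `location.hash` out of the `jQuery()` sink shown above, as an added example that is not code from the original page: the fragment is validated against an allowlist and looked up with a single-purpose API. The helper names, the id pattern and the stand-in `fakeDocument` are assumptions made for illustration.

```javascript
// Added example: keep location.hash away from the multi-purpose jQuery() sink.
// hashToElementId and selectFromHash are hypothetical helper names.

// Allowlist for element ids this page is assumed to use: a letter first,
// then letters, digits, underscore or hyphen, at most 64 characters.
const ID_PATTERN = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Turn an untrusted URL fragment into a validated element id, or null.
function hashToElementId(hash) {
  if (typeof hash !== 'string' || hash.charAt(0) !== '#') return null;
  let raw;
  try {
    // The fragment may arrive percent-encoded; decode exactly once.
    raw = decodeURIComponent(hash.slice(1));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return ID_PATTERN.test(raw) ? raw : null;
}

// Look the element up with a single-purpose API. getElementById treats its
// argument only as an id, so the string is never interpreted as a selector
// or as markup, unlike a raw string handed to jQuery().
function selectFromHash(hash, doc) {
  const id = hashToElementId(hash);
  return id === null ? null : doc.getElementById(id);
}

// Constructed stand-in for `document` so the example runs outside a browser.
const fakeDocument = {
  nodes: { 'section-2': { id: 'section-2' } },
  getElementById(id) {
    return Object.prototype.hasOwnProperty.call(this.nodes, id) ? this.nodes[id] : null;
  },
};

// Constructed sample fragments: one expected id, the rest should be rejected.
const samples = ['#section-2', '#<b>x</b>', '#%3Cb%3Ex', '#a b', '#%E0%A4%A', ''];
for (const s of samples) {
  const el = selectFromHash(s, fakeDocument);
  console.log(JSON.stringify(s), '->', el ? 'element ' + el.id : 'rejected');
}
```

In a page, pass `document` as `doc` and hand the returned element, not the original string, to `jQuery()`.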