document.querySelector('p').textContent="XSS" and document.body.appendChild not being detected #3634
Description
$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d "foo=document.querySelector('p').textContent=\"XSS\""
-- no output --
$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d 'foo=document.body.appendChild(document.createElement("h1")).textContent = "XSS"'
-- no output --
The document.head.appendChild and document.querySelector should probably be enough to trigger an alert.