DOM open redirect vulnerabilities occur when user-controlled data like ``++document.location.hash++`` property is directly used to perform redirections.


User-controlled data should always be considered untrusted and validated before being used to modify the DOM.