Added test case for unescape.

Author: Napalys

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js

@@ -493,3 +493,13 @@ function nonGlobalSanitizer() {
   $("#foo").html(target.replace(new RegExp("<|>", unknownFlags()), '')); // OK - most likely good. We don't know what the flags are.
   $("#foo").html(target.replace(new RegExp("<|>", "g"), ''));
 }
+
+function FooBar() {
+  this.foo = document;
+  var obj = {
+    bar: function() {
+      this.foo.body.innerHTML = unescape(window.location.hash); // $ MISSING: Alert
+    }
+  };
+  Object.assign(this, obj);
+}