This page reads the URL hash and displays a welcome message using innerHTML — no sanitization.
Hint: add #<img src=x onerror=alert(1)> to the URL and reload. The page puts the hash value directly into innerHTML.
#<img src=x onerror=alert(1)>