Ars Technica

In what scenario would a newbie developer use javascript onclick in a dangerous way?

In what scenario would a newbie developer use javascript onclick in a dangerous way? I've heard of an xss risk.. like with .innerHTML a developer might use template interpolation with it and do ...