Fortify is reporting a dynamic code evaluation vulnerability in one of my JavaScripts. The particular line builds a URL and I am not sure as to what is risky about this. Can someone please point that out. Below is the code.
ProxyCollector.doAjax=function(k,l){var j=document.location.protocol+"//"+k+":"+getRandomPort()+"/NonExistentImage"+getRandomPort()+".gif";
This is the Abstract from the fortify report: The file test.js interprets unvalidated user input as source code on line 315. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.