33
33
33
33Simplified test for Max (https://discord.com/channels/1110206757227216916/1168685918920638614/1358614602153201736)
<script>0x0D
window.onerror=x=>true;0x0D
</script>0x0D
<base href="https://example.com" /><a id=x></a>const mw = /^(?!javascript:)/i;0x0D
function nu(e) {0x0D
return (e = String(e)).match(mw) ? e : "unsafe:" + e0x0D
}0x0D
0x0D
const t = nu(`${String.fromCodePoint($[i])}javascript:alert(1)`);0x0D
x.href = t0x0D
x.protocol === 'javascript:' && log($[i])<a id=x></a>