<script>location.hostname = "%";</script> causes endless loop.
vulners.com/securityvulns/securityvulns:doc:22022