CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js before 1.19.11.
uri.js project uri.js