This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.
https://support.apple.com/en-us/HT213848
https://support.apple.com/en-us/HT213847
https://support.apple.com/en-us/HT213846
https://support.apple.com/en-us/HT213843