You’re a service like Vercel. You prompt users for a project name, say my-project, then deploy that project to my-project.vercel.app. Great. Then a malicious user gives you a project named my-project.com#. Now, Vercel sanitizes its inputs so this doesn’t happen, but if you didn’t, the URL that would be generated is my-project.com#.vercel.com, and everything from the # onward (#.vercel.com) is the URL fragment, which the browser never sends to the server. The request goes to my-project.com instead, and the Location object would look like this:

Location {
  "hash": "#.vercel.com",
  "hostname": "my-project.com"
}

Now, this isn’t terrible on its own, but if Vercel also used the generated URL and domain internally, there’s a chance it could end up sending requests, environment variables included, to my-project.com rather than to its own infrastructure… just like what happened with Web Dev Cody here: This is why you can’t blindly use AI.
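To make the failure concrete, here is an added example (my code, not Vercel’s or the post’s) that builds the deployment URL both the naive way and with the validation a practitioner would want. It assumes Node’s WHATWG URL parser and the vercel.app suffix from the post; the helper names are mine.

```javascript
// Constructed example: how an unvalidated project name rewrites the deployment
// hostname, and a hardened builder that refuses such names.
const DEPLOY_SUFFIX = "vercel.app"; // suffix used in the post

// Naive: plain string concatenation, no validation. Reproduces the bug
// described above: the "#" in the name turns the suffix into a URL fragment.
function naiveDeployUrl(projectName) {
  return new URL(`https://${projectName}.${DEPLOY_SUFFIX}`);
}

// Hardened: only accept a single DNS label (letters, digits, inner hyphens,
// 1..63 chars), so "." and "#" can never reach the URL string.
const LABEL_RE = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

function safeDeployUrl(projectName) {
  if (!LABEL_RE.test(projectName)) {
    throw new Error(`invalid project name: ${JSON.stringify(projectName)}`);
  }
  const url = new URL(`https://${projectName}.${DEPLOY_SUFFIX}`);
  // Defence in depth: after parsing, the hostname must be exactly
  // <name>.<suffix> and there must be no fragment, or we refuse to use it.
  if (url.hostname !== `${projectName}.${DEPLOY_SUFFIX}` || url.hash !== "") {
    throw new Error(`unexpected URL shape: ${url.href}`);
  }
  return url;
}

// Demonstration with the malicious name from the post.
const naive = naiveDeployUrl("my-project.com#");
console.log(naive.hostname, naive.hash); // my-project.com #.vercel.app
```

The parsed hostname is my-project.com, not my-project.com#.vercel.app, which is exactly why the suffix check has to run on the parsed URL and not on the input string.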