Reflected XSS In Skin Change Page for Older Browsers

*This will only work on older browsers or using XSS filter evasion techniques.*
If a user were enticed to visit https://minecraft.net/en/profile/skin/remote/?url=javascript:alert(%27xss%27) on an older browser, an alert box would open with the text "xss". When visited using a modern browser such as Google Chrome, an error is displayed. In chrome, this error is a mixed-content error. Internet explorer displays an error about cross-site scripting. Though the XSS filters blocks this code from executing, it's still an issue as there have been many ways to evade the XSS filter in the past, and many people run older or out of date browsers.