If something happens here when viewing this via the share server, then the XSS vulnerability is live!

$\\unicode{<img src onerror=confirm(1)>}$

It is expected that this should show a popup when trusting the notebook, of course.