Lifestyle service chi.mp (free 2nd level domain, blog) does not filter javascript

The well-known live stream service with a free second-level domain.
Let's google:

227 000 - not so little. Most of the output - just blogs on chi.mp.
But safety was forgotten as always.

And how did it all start? And from the fact that to me this freebie all ears buzz. Well, I think, why not acquire another domain and a blog, but at the same time see what's new in the UI is invented, and “what's going on in the world” ©

And so, eh. And as always, the first thing got into wysywig .

Quite elegant, but scanty. The first impression was secure. And then I remembered that I wanted to use the blog for programming posts. And javascript incl. How to give examples? I would like the same right inside the article, so that more and executed.

We try the simplest in source mode:

')
Go back / save. Did not work.


But as you have already noticed, neither the internal handler (onclick) nor the arbitrary ID of the element were cut.
And I decided to continue. Only this time using the decodeURIComponent js-function.

No comments. What I got there still - I will not tell.