Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag
No vulnerabilities detected