Bug ID #80888 was opened in April 2017 for a bypass vulnerability of the powermail plugin used in Typo 3.
Still vulnerable it can be easily exploited by injecting code like
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">click</a>
So when you find a Typo3 site with powermail installed wich is breaking down all JavaScript functions like onload() or onerror() try injecing a href code which is base64 encoded.