Is document.write(window.location.hash.substr(1)) still exploitable for DOM XSS?

I stumbled upon Google’s firing range for DOM XSS testing, and this case caught my eye:

<script>   var payload = window.location.hash.substr(1);document.write(payload); </script> 

As far as I know, Chrome, Firefox ans Safari now URL-encode location.hash and, making the exploit fail:

malicious link:<script>alert(1)</script> 

result on page:


Given that the above-mentioned browsers take up most of the market share, is this vulnerability effectively not exploitable anymore? Or is there a way to exploit it despite the URL-encoding?

Thanks in advance.