XSS on

I’m trying to solve @kinugawamasato xss challenge

https://vulnerabledoma.in/xss_2020-06/

It’s a php script that receives a argument, escapes it and create he following tag on the html:

<script src="/xss_2020-06/check_code.php?callback=callback&amp;code=PARAM"></script> 

So PARAM is the argument. The maximum payload is 10 chars