XSS vuln on beta.minecraft.net

  • Are there actually any valid use cases for this?

        window.location.href = "javascript:..."
    
    I assume there are hundreds of websites that also blindly pass a URL parameter to it. Most developers simply don't expect that a redirect is something they have to sanitize.

    Why do browsers allow this at all?
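
Added example, not part of the comment above or of any site's code: one way to check a redirect target taken from a URL parameter before assigning it to `window.location.href`. The function name `safeRedirectTarget`, the fallback `/` and the origin `https://example.test` are assumptions made for illustration.

```javascript
// Added example. Only http(s) targets on the page's own origin are accepted;
// everything else (javascript:, data:, other hosts) falls back to a fixed path.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function safeRedirectTarget(raw, currentOrigin, fallback = "/") {
  if (typeof raw !== "string") return fallback;
  let url;
  try {
    // Use the same WHATWG parser the browser uses for navigation, so that
    // leading spaces, embedded tabs/newlines and mixed case in the scheme
    // are normalised before the check instead of slipping past a regex.
    url = new URL(raw, currentOrigin);
  } catch {
    return fallback; // unparseable input
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return fallback;
  // Rejects protocol-relative ("//host") and backslash ("\\host") forms too,
  // because they resolve to a different origin.
  if (url.origin !== currentOrigin) return fallback;
  // Return the normalised absolute URL, never the raw string.
  return url.href;
}

// Constructed sample inputs, as they might arrive in a ?next= parameter.
function demo() {
  const origin = "https://example.test"; // in a browser: window.location.origin
  const samples = [
    "/account?tab=1",
    "https://example.test/a#b",
    "javascript:alert(1)",
    " JaVaScRiPt:alert(1)",
    "java\tscript:alert(1)",
    "data:text/html,hi",
    "//other.example/x",
  ];
  return samples.map((s) => [s, safeRedirectTarget(s, origin)]);
}

// In a page (hypothetical parameter name "next"):
//   const next = new URLSearchParams(window.location.search).get("next");
//   window.location.href = safeRedirectTarget(next, window.location.origin);
```
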