
Is XSS possible when using htmlspecialchars and https prefix check in href?

Information Security Asked by Awaaaaarghhh on January 12, 2021

There is a standard XSS exploitation technique where one can use the javascript keyword in <a href=""> to execute JavaScript code. Example:

<a href="javascript:alert(42);">please clickme</a>

Let's consider PHP code which uses htmlspecialchars in combination with a prefix check, where the URL must always start with https://. Is there any way to exploit it in modern browsers like Firefox or Chrome?

<?php
// PHP 7
// Escape both parameters for use in an attribute / text context (ENT_QUOTES also escapes single quotes)
$url = htmlspecialchars($_GET["url"] ?? "", ENT_QUOTES);
$text = htmlspecialchars($_GET["text"] ?? "", ENT_QUOTES);
// Force the https:// prefix: anything that does not already start with it gets it prepended
if (substr($url, 0, 8) !== "https://") {
    $url = "https://" . $url;
}
?>
<a href="<?= $url; ?>"><?= $text; ?></a>

I know that there is an open redirect vulnerability. I tried things like https://@javascript://://alert(); but it seems that Google Chrome blocks it (medium.com 2017: Say goodbye to URLs with embedded credentials). [This question is not about securing that code – this question is solely about exploiting.]

Here are more examples from the past:

One Answer

When using htmlspecialchars, all HTML tags will be escaped.

So let's say you type in <a href="https://hello">hello</a>.

In source:

  • Without htmlspecialchars: <a href="https://hello">hello</a>
  • With htmlspecialchars ENT_QUOTES: &lt;a href=&quot;https://hello&quot;&gt;&lt;/a&gt;.

In browser:

  • Without htmlspecialchars: hello
  • With htmlspecialchars: <a href="https://hello">hello</a>

Answered by JNic on January 12, 2021
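As an added example (not code from the question or the answer above), here is a Python model of the question's escape-then-prefix logic beside a hardened variant that parses the URL and accepts only https links to a host allowlist. ALLOWED_HOSTS and the sample inputs are constructed assumptions; the run shows that the original approach keeps the scheme at https and the attribute intact, yet still links to any host, which is the open redirect the question mentions.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts this site is willing to link to (assumption for the demo).
ALLOWED_HOSTS = {"example.org", "www.example.org"}


def build_link_original(url: str, text: str) -> str:
    """Mirror of the question's PHP: htmlspecialchars(ENT_QUOTES), then force an https:// prefix.
    html.escape(quote=True) encodes <, >, &, " and ' like htmlspecialchars with ENT_QUOTES."""
    url = html.escape(url, quote=True)
    text = html.escape(text, quote=True)
    if url[:8] != "https://":          # same test as substr($url, 0, 8) !== "https://"
        url = "https://" + url
    return f'<a href="{url}">{text}</a>'


def build_link_hardened(url: str, text: str) -> Optional[str]:
    """Parse first, then allow only a bare https scheme and an allowlisted host.
    Comparing the whole netloc rejects userinfo (user@host) and ports as well."""
    parts = urlsplit(url)             # urlsplit lowercases the scheme for us
    if parts.scheme != "https":
        return None
    if parts.netloc.lower() not in ALLOWED_HOSTS:
        return None                   # closes the open redirect: unknown hosts are refused
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(text, quote=True)}</a>'


if __name__ == "__main__":
    # Constructed inputs: scheme smuggling, attribute break-out, redirect, credentials trick.
    samples = [
        "javascript:alert(42)",
        '" onmouseover="alert(1)',
        "https://evil.example/",
        "https://@javascript://://alert();",
        "https://example.org/?q=a&b",
    ]
    for s in samples:
        print(repr(s))
        print("  original :", build_link_original(s, "click"))
        print("  hardened :", build_link_hardened(s, "click"))
```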
