BugPoC: XSS Challenge #2 Solution

Summary: An attacker can achieve arbitrary JavaScript execution in the context of the user's session on calc.buggywebsite.com. This is possible due to a weak origin check in the message event handler in http://calc.buggywebsite.com/frame.js as well as improper handling of the message data, allowi...