What is Detectify?

postmessage

Hacking Slack using postMessage and WebSocket-reconnect to steal your precious token

Frans Rosén postmessage Slack
AddThis Mathias Karlsson postmessage

postMessage XSS on a million sites

Mathias Karlsson postmessage

The pitfalls of postMessage