The attack scenario is not very realistic, but the details of the attack and why it caused a XSS are fascinating