Discovered an iFrame hijack using window.open and two iframes that allowed me to do some fun postMessage stuff.