Exploit is demonstrated in the attached video. Fix of this flaw requires an architectural change - using an HTML code sanitizer that neutralizes dangerous tags like script, dangerous attributes like onmouseover and dangerous URI schemes like javascript:.
opps.zip