Without looking into the source, I'd bet someone tweeted the "exploit", just to make the point that going to that page basically runs arbitrary javascript in your browser.