I built a small demonstrator for Cross-Site-Scripting (XSS) attacks in impress.js. It would be a waste to let it stay on my computer, because I think it could help you giving a brief lecture on XSS. Much more interesting, probably, is my implementation of the whole thing: the cockpit (a header and footer that provide a visual frame, while the viewpoint navigates the 3-dimensional space of your presentation) and the handling of input to modify contents of successive slides.