Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>

javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp

@@ -25,7 +25,7 @@ Always verify the sender's identity of incoming messages.
 <sample src="examples/postMessageWithInsufficientCheck.js" />
 
 <p> In the third example, the `MessageEvent.origin` is properly checked against a trusted origin. </p>
-<sample src="examples/postMessageWithInsufficientCheck.js" />
+<sample src="examples/postMessageWithOriginCheck.js" />
 
 </example>