The /r/netsec Monthly Discussion Thread - December 2018

I tried my hand at a NetSec puzzle - spent two hours solving it and now I don't understand how lol (Complete newb here). Could anyone eli5 please?

This is the code (I scrambled the atob):

    function OnClick()
    {
        var flagValue = document.getElementById("flagInput").value;
        var xorFlag = '';
        for (var i = 0; i < flagValue.length; i++)
        {
            xorFlag += String.fromCharCode(128 ^ flagValue.charCodeAt(i));
        }

        if (xorFlag == atob("dw)(Ä39xz0/$"))
        {
            alert('you won');
        }
        else
        {
            alert('try again');
        }

        console.log(xorFlag);
    }

I ran the atob function elsewhere and inputted it in flagInput. The websites console returned a reply. Let's say the reply was "hello kitty". I then inputted "hello kitty" in flagInput and the puzzle was solved.

I understand that xorFlag must equal the atob but I don't understand what the loop is doing.

/r/netsec Thread