|
|
|
|
|
|
by fragmede
16 hours ago
|
|
|
Bank websites just spit out text they're given, and web browsers just read the text they're given. So back in the day, before webdevs cleaned the input (because you can never ever trust human provided data), your statement descriptor (the bit on your credit card statement that says who the charge is from and what it's for), could be <script>alert('u got hacked') and that would pop a JavaScript alert. That's long been closed, naturally, but it's not like we haven't had to deal with this before. |
|
|