back to article Criminal mastermind injects malicious script into Ethereum tracker. Their message? '1337'

Ethereum-tracking website Etherscan has resolved a cross-site scripting issue on its domain. Though among the world's top-2,000 websites (1,379th per Alexa), Etherscan fell foul of one of the net's most common security slip-ups. Cross-site scripting (XSS) refers to when a hacker is able to inject a script into a vulnerable …

  1. Kevin McMurtrie Silver badge

    HTML5

    I thought HTML5 was the cure by keeping code separate from content. The server produces static pages. JS requests data separately, builds HTML elements, then places the data into text attributes. At no point does user-generated dynamic content get into the executable or structural areas.

    1. MiguelC Silver badge

      Re: HTML5

      nothing is ever idiot-proof.. it only serves to find better idiots

    2. MatsSvensson

      Re: HTML5

      In other words you have zero idea what HTML5 is.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like