Re: "Moore's (benign) proof-of-concept demo from Halifax Bank" is broken...
It's not broken. The use of Google translate is crucial to this attack, as only code residing on Google's subdomain will execute.
(And 7 other Lloyds domains and 1 IBM wildcard)