lemmy.world is a victim of an XSS attack right now and the hacker simply
injected a JavaScript redirection into the sidebar. It appears the Lemmy backend
does not escape HTML in the main sidebar. Not sure if this is also true for
community sidebars.
[https://sh.itjust.works/pictrs/image/707c0f16-3d5c-4888-b865-34228d968ee6.png]
Wow, a .zip domain already being used for bad, who could have seen that coming…
Generic TLDs are terrible all round if you ask me, but I still can’t believe ICANN was somehow collectively stupid enough to approve ‘.zip’. Regulatory capture by Google, I guess?
For anyone unaware of the issues with ‘.zip’ as a top-level domain, see here: https://financialstatement.zip/