UK company "><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD" told to change its name

A British company named "><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD" was ordered to change its name after regulators realized what was funny about it: it is a snippet of malicious HTML code that exploits poorly-designed software. Such as the software used by Companies House, the UK's register of corporations.

The company now legally known as "THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD" was set up by a British software engineer, who says he did it purely because he thought it would be "a fun playful name" for his consulting business.

He now says he didn't realise that Companies House was actually vulnerable to the extremely simple technique he used, known as "cross-site scripting", which allows an attacker to run code from one website on another.

A good example of the situation: attempting to paste the name of the company into WordPress's "blocks" post-editing form fails. By adding an escape character to the beginning, it pastes as "> LTD"</p>. To make it appear in this post correctly, I had to convert the name to a series of HTML entities and edit the HTML of the post directly. Here's how it looks otherwise:

Magnificently good troll.