I think this is slightly overblown, but there’s an interesting aspect to it. The 8chan XSS is effectively persisted using local storage. They could clear the infection, but that would presumably erase all the legit saved data. So I guess they put up with it until they can write some disinfection routines? And then they have to leave that on their site until forever to catch intermittent visitors. Good lord, remember the good old days when you could clean up from an XSS attack with a few SQL delete statements?
I think this is slightly overblown, but there’s an interesting aspect to it. The 8chan XSS is effectively persisted using local storage. They could clear the infection, but that would presumably erase all the legit saved data. So I guess they put up with it until they can write some disinfection routines? And then they have to leave that on their site until forever to catch intermittent visitors. Good lord, remember the good old days when you could clean up from an XSS attack with a few SQL delete statements?