Netcraft: Hacker redirects Barack Obama’s site to hillaryclinton.com. Okay, folks, here’s the thing: never trust any place where a user can enter text into your website and have it displayed back at you. Never trust any text that comes from a form field on your site. Because if you do, smart and devious people like Mox here can use your trust to do embarrassing things to your visitors.
On the (very) slightly mitigating side, the attack was not against the main Obama website but his community blog platform, and the vulnerability that was exploited has already been closed. But this type of vulnerability, cross-site scripting (XSS), is insidious unless you begin your web application with the assumption that all user input needs to be sanitized. And even then, it’s not enough to check your code; you need to check all the third-party code that makes up your site.
It would be immodest of me to mention that my company’s service can do just such a check, without requiring you to build security expertise in-house and for a modest fee.
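To make the "never trust form-field text" rule concrete, here is an added example (not code from the original post or from the blog platform it discusses) that renders the same comment twice: once by plain concatenation and once with every field encoded for the HTML context it lands in. The function names, field names and the sample comment are assumptions constructed for the illustration.

```javascript
// Added example: hypothetical comment renderer, constructed data only.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept a user-supplied link only if it parses as an absolute http(s) URL.
// Anything else (javascript:, data:, relative junk) is dropped, not "cleaned".
function safeHref(untrusted) {
  try {
    const url = new URL(String(untrusted).trim());
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch {
    return null;
  }
}

// Before: form fields concatenated straight into markup, so the browser
// parses whatever the visitor typed as part of the page.
function renderCommentUnsafe(c) {
  return `<div class="comment"><a href="${c.site}">${c.name}</a><p>${c.body}</p></div>`;
}

// After: each field is encoded at output time for its own context.
function renderComment(c) {
  const href = safeHref(c.site);
  const name = escapeHtml(c.name);
  const author = href
    ? `<a href="${escapeHtml(href)}" rel="nofollow ugc">${name}</a>`
    : name; // no usable link: show the name as plain text
  return `<div class="comment">${author}<p>${escapeHtml(c.body)}</p></div>`;
}

// Constructed sample submission containing markup in every field.
const sample = {
  name: 'Mallory "M" <b>',
  site: 'javascript:void(0)',
  body: '<script>/* constructed marker */</script>',
};

console.log(renderCommentUnsafe(sample)); // markup from the form reaches the page intact
console.log(renderComment(sample));       // same input arrives as inert text
```

The encoding happens where the text is written into the page, not where it is received, so the same rule covers text that reaches the template through third-party code.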