Shopify - Xss in website's link
A popular XSS method is to use
in locations where you are allowed to add a link on your profile to your blog, facebook page, etc.
Judging by the payload used
It is safe to assume that Shopify was using a little bit of input checked and was ensuring that http:// existed in the string, albeit not at the beginning.
- No closing tag is required for the comment (like /* other comment format */)