Toggle navigation
BrowserCode
Categories
Discussions
Activity
Sign In
Home
›
Code
HTML5 Security, XSS, and Client Side Hacks
Info
November 2014
in
Code
Did you know you can execute JavaScript hidden inside of an image?
XSS vulnerability by using JavaScript in Image
The image is not even hosted on my server so could this enable cross domain resource sharing somehow?
Tagged:
image
xss
security
hacking
Comments
bob
November 2014
This is cool, I made an demo using an image hosted on imgur:
http://browsercode.com/a/5xwYl
Info
January 2015
edited January 2015
Here is one with redirection to another domain:
http://browsercode.com/a/ygo4y
And here is one with ajax GET call to same page (inside of an image):
http://browsercode.com/a/lkkMl
Sign In
or
Register
to comment.
Comments
http://browsercode.com/a/5xwYl
And here is one with ajax GET call to same page (inside of an image): http://browsercode.com/a/lkkMl