HTML5 Security, XSS, and Client Side Hacks
The image is not even hosted on my server so could this enable cross domain resource sharing somehow?
This is cool, I made an demo using an image hosted on imgur:
edited January 2015
Here is one with redirection to another domain:
And here is one with ajax GET call to same page (inside of an image):
And here is one with ajax GET call to same page (inside of an image): http://browsercode.com/a/lkkMl