Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
On practically every XSS mitigation guide I’ve seen, the following pattern is mentioned:
<img src="javascript:evil();">
What legitimate use could this possibly have? Can you use JS code to generate a base64-encoded representation or something?
It doesn’t have many legitimate uses.
The way it works is probably because you can use any protocol there, and some browsers implement the
javascriptpseudo protocol, which can be invoked from multiple places.