I would like to know if it is possible to inject some javascript code through an img-tag. The scenario is that one sets up a html-page like this
<img src="anotherdomain.com/someimage.jpg" />
Anotherdomain is my domain. Is it possible to redirect the call for /someimage.jpg to another file containing som javascript code that is executed when the image is requested?
The browser should not make an attempt to execute code received via an <img>
tag as JavaScript. The script would be delivered to the browser, but in its place would be a broken image that could not be displayed.
Browsers will only execute scripts received in a <script>
tag or onclick,onmouseover,onmouseout,etc...
attributes as a basic security principle