Reputation: 17383
injection script by using src tag
Someone wants me to using this tag to get number of my page loaded and some information.
but I don't know, Could it be dangerous?
<img style="display: none;" src="https://www.******/Distribute/PopSell/5" />
for example, it could print a custom script or anything ?
Upvotes: 0
Views: 59
Answers (1)
Reputation: 115
he will be able to count times get the url,your vistors ip,refferrs,time,browser some information (normal) and same information wich he get from his website visitors
he can not (xss) your site put he able to view any image by control his url & script and just listen to your vistors count & normal information using in analaytics ..
here example to use javascript in src
put the static url and do not worry
He can not run any code in your page without changing this link that you've already set by you and make sure that free of any code
Even if used redirection
To reserve and you can put added
<img class="no_borken" src="http://hisValidURL...">
<script>
$('.no_borken').error(function () {
$(this).attr('src', 'images/error.png');
});
</script>
Upvotes: 1
Related Questions
- Cross Site Scripting injection
- Javascript Injection prevention on Wordpress
- how to prevent javascript injection in java
- Javascript Injected in browser
- Html injection into javascript code
- JS Injection in Wordpress
- Javascript security problem
- Inject code without the src attribute?
- HTML script injection via javascript
- Javascript injected into URL