Javascript XSS on img tag

[vinpkl]

hi

i was looking at this article about cross site attacks

https://www.owasp.org/index.php/XSS_...ript_directive

There many examples like

HTML Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<IMG SRC="javascript:alert('XSS');">
<img src="javascript:alert('XSS');" alt="" />
</body>
</html>

But the both image tags dont open any alert box.

I just want to check safety against XSS attacks

vineet

[Pullo]

Hi,

Most modern browsers are clever enough to block stuff like this, if you just make a web page and include this in the body.
I'm no expert, but one real danger of XSS is when you are accepting user input and doing something with it on the server side.
If you want to check out a site which is intentionally vulnerable to XSS, visit: http://www.insecurelabs.org/
For example, go to the talks page and try typing <script>alert("Hello");</script> into the search field.
This might be worth looking at, too: http://www.insecurelabs.org/Task