XSS attack in javascript

XSS attack in javascript


when you have translated the double quotation marks and double angles bracket, how can I attack when your input is the img src?


I’m not sure what you mean. Do you mean if there is an input field on the page that is supposed to take a URL that will be used as the source for an image? Like injecting something along the lines of:
<IMG SRC="javascript:alert('XSS');">
into an image?