This Image is Also an HTML Webpage
Ben Halpern Aug 05, 2016
Here is an image:
But it is also an HTML page. Here is the markup for the above image:
<img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dmuuPpbC--/c_limit,f_auto,fl_progressive,q_auto,w_880/http://lcamtuf.coredump.cx/squirrel/" />
Now try visiting that webpage:
Pretty cool, eh?
I did not make this. I am just showing you because it is cool.
Here is an explanation of what is happening:
- The file is a valid jpeg file with some html in metadata.
- The server responds with Content-Type: text/html, making browser interpret the response body as html.
- Browser ignores jpeg header until it sees and starts to render the html.
- The html in the jpeg metadata ends with "<!--" , which starts html comment.
- The html has that renders the file as image.
I found this hack fascinating, and I hope you did too.