DEV Community

Discussion on: Stealing Accounts with an IMG Tag

nastyox1 profile image
nastyox Author • Edited on

It's not scary if you know how to stop it from happening! It's important to note that this style of attack (cross-site scripting) is consistently rated the most commonly executed attack method. While it's easy to guard against (as noted at the end of this article), developers that aren't aware of it will almost certainly leave it unguarded. In an unguarded situation, all you'd have to do is paste that cookie-stealing image tag into the comment section, your username field, or wherever else you're meant to be adding text to the website. That's why it's so important to talk about it and not just assume all developers know about it already. It does pose a very real threat if not defended against correctly.

Thanks! I'm glad you're enjoying my content, especially enough to interact with it in the comment sections.