Javascript XSS on img tag

Hi,

I was looking at this article about cross-site attacks:

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Image_XSS_using_the_JavaScript_directive

There are many examples like:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<IMG SRC="javascript:alert('XSS');">
<img src="javascript:alert('XSS');" alt="" />
</body>
</html>


But both image tags don't open any alert box.

I just want to check safety against XSS attacks.

vineet

Hi,

Most modern browsers are clever enough to block stuff like this, if you just make a web page and include this in the body.
I’m no expert, but one real danger of XSS is when you are accepting user input and doing something with it on the server side.
If you want to check out a site which is intentionally vulnerable to XSS, visit: http://www.insecurelabs.org/
For example, go to the talks page and try typing <script>alert("Hello");</script> into the search field.
This might be worth looking at, too: http://www.insecurelabs.org/Task
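
The server-side handling of user input mentioned in the reply, as an added example that is not part of the original thread: an allowlist check on the URL scheme before a user-supplied value is placed in an img src, plus HTML escaping of reflected text such as a search term. The names BASE, safeImageUrl, escapeHtml, renderImg and renderSearchHeading and the example.test origin are assumptions made for illustration.

```javascript
// Added example: scheme allowlist for user-supplied image URLs plus HTML escaping.
// All function names and the example.test origin are hypothetical.
const BASE = "https://example.test/"; // assumed site origin for resolving relative URLs
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Return a normalized URL string if the scheme is allowlisted, otherwise null.
function safeImageUrl(input) {
  let url;
  try {
    url = new URL(String(input), BASE); // the WHATWG parser lowercases the scheme
  } catch (e) {
    return null; // unparseable input is rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Encode characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build an <img> tag from untrusted input, or a placeholder when it is rejected.
function renderImg(userSrc, userAlt) {
  const src = safeImageUrl(userSrc);
  if (src === null) return "<span>[image removed]</span>";
  return `<img src="${escapeHtml(src)}" alt="${escapeHtml(userAlt)}" />`;
}

// Reflect a search term into a results page as text, never as markup.
function renderSearchHeading(term) {
  return `<h2>Results for ${escapeHtml(term)}</h2>`;
}

// Constructed sample inputs: the value from the thread, a mixed-case variant, and benign URLs.
const samples = [
  "javascript:alert('XSS');",
  "JavaScript:alert('XSS');",
  "/img/logo.png",
  "https://example.test/a.png?x=1&y=2",
];
for (const s of samples) console.log(JSON.stringify(s), "->", renderImg(s, "user image"));
console.log(renderSearchHeading('<script>alert("Hello");</script>'));
```

Checking the parsed scheme against an allowlist avoids depending on how a particular browser treats javascript: URLs in image attributes.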