DEV Community

Discussion on: This Image Is Also a Valid Javascript File

Collapse
cyril_ogoh profile image
ogoh cyril

Exactly
This post is a zero day attack 😂😂😂

But we want to execute it anyway. Our solution here is to just not tell the browser that it's an image. For that I wrote a small server that serves the image without any header information

Its a nice project tho

Collapse
vsetka profile image
Vladimir Šetka • Edited on

How is it a zero day attack? The <img> tag will never execute its content as javascript, regardless of the response headers.