The image reference tag is for an image. As stated previously, if you look at th... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

aioprisan on Aug 10, 2016 | parent | context | favorite | on: This JPEG is also a webpage

The image reference tag is for an image. As stated previously, if you look at the JPEG itself, it starts off with a JPEG comment, which embeds the entire html block, then starts a comment block for the remainder of the JPEG data. Browsers are very liberal in what they accept, so that initial 20-byte header is ignored, although you can see it if you inspect the page's elements.

yathern on Aug 10, 2016 [–]

Yes, I get that - but if a tracking pixel is downloaded and interpreted as a jpeg, then it will parse anything in the COM section as a comment, and not execute anything in it, unless there was some sort of vulnerability in the JPEG implementation

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact