demonstration of all xss attacks as in notes
put the script as a comment
every person to visit the page triggers the script
sending their cookie to the attacker
in the comment
we are generating an (image) object
the source of the image is a url
this url is accessed by the browser
url→ script on the attacker server that takes current user's cookie as a parameter
! This means every person who reloads the page, generates an invisible image object that is accessed by the browser,
the browser sends a request with the victim user's cookie as a parameter to the attacker