<!-- {user.profilePic} is a template placeholder written straight into a quoted attribute.
     If the value is not attribute-escaped on output, a double quote inside it ends src
     and the rest of the value is parsed as further attributes of this tag.
     Escape the value for the attribute context and accept only the URL forms the
     application expects for a profile picture. -->
<img src="{user.profilePic}" />
imgur.com/123
imgur.com/123
" onload="alert(':(')
<!-- Markup produced when the profile-picture value begins with a double quote and is
     inserted without escaping: src is closed empty and the remainder of the value has
     become an onload attribute on the element. Encoding the quote as &quot; on output
     keeps the whole value inside src. -->
<img src="" onload="alert(':(')" />
https://site.com/add-admin?id=123
<img src="...
</html>
<html>
<!-- NOTE(review): a document whose only content is a script. The page lists it next to
     profile-picture.png and the Content-Type / X-Content-Type-Options headers, so it
     presumably stands for uploaded content that is HTML despite an image file name
     (confirm against the article). Whether a browser treats such bytes as a page depends
     on how the response is typed (Content-Type plus nosniff), not on the file name. -->
<html>
<script>
alert(':(');
</script>
</html>
profile-picture.png
Content-Type: image/png
X-Content-Type-Options: nosniff
// ...... GIF file data ...... //
// ...... JAR file data ...... //
profile-picture.gif
Gifar
// ...... GIF file data ...... //
// ...... JAR file data ...... //
event-stream
flatmap-stream
867,232
# Both commands compare the project's dependency tree with published advisories.
# They only report what has already been disclosed, so a newly published malicious
# release is not flagged until an advisory exists for it; pinned versions and a
# reviewed lockfile cover that gap.
npm audit
yarn audit