I was thinking if an image is injected, it'd be injected by a script loaded from... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dawnerd on Jan 8, 2019 \| parent \| context \| favorite \| on: How LinkedIn detects browser extensions I was thinking if an image is injected, it'd be injected by a script loaded from the plugin thus trusted.

tinus_hn on Jan 9, 2019 [–]

It’s a logical thought but that isn’t how it works.

A script doesn’t really inject an image, it injects an image tag which contains a reference to the image. As the image gets loaded there is no check who created the tag.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact