alert(1)を実行させてください。ただし、リンク先のサーバへの細工は一切出来ないものとします（javascriptスキームへのリダイレクトとかは禁止ということで）。

Execute alert(1). You cannot modify the server that the IMG element links to (for example, redirecting to a "javascript:" scheme is not allowed).

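<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>XSS challange (execute alert())</title>
<!--
  Challenge page: each click on "ADD IMG" writes one IMG tag into a popup
  document, with the text field value as its src.

  Review notes (the behaviour is deliberately left as the challenge defines it):
  * isValidUrl() is a character denylist, not an allowlist of known-good input.
  * addImg() assembles the tag with three separate document.write() calls
    inside a try block whose catch discards every error.
  * Safer pattern for real code: create the element with the DOM API
    (createElement("img"), then assign src) instead of writing markup strings.
-->
<script type="text/javascript">
// Handle to the popup window that receives the generated markup.
// It stays null until exec() opens the popup on the first "ADD IMG" click.
var w = null;

/**
 * Denylist check applied to the text field value before it is written into
 * the popup as an IMG src.
 *
 * Rejects the empty string, any character that compares <= " " (space and
 * control characters), the characters < > " ' & : ? + %, and any value that
 * starts with "//".
 *
 * NOTE(review): this lists known-bad characters only; everything not listed
 * is accepted. It looks like the ":" and "//" checks are meant to rule out
 * URL schemes and protocol-relative URLs - confirm with the author.
 *
 * @param {string} url - candidate value for the src attribute
 * @returns {boolean} true when no rejected character or prefix is present
 */
function isValidUrl(url) {
  var l = url.length;
  if (l == 0) return false;
  for (var i = 0; i < l; i++) {
    var c = url.charAt(i);
    if (c <= " ") return false; // space and every character that sorts below it
    if (c == "<") return false;
    if (c == ">") return false;
    if (c == "\"") return false;
    if (c == "'") return false;
    if (c == "&") return false;
    if (c == ":") return false;
    if (c == "?") return false;
    if (c == "+") return false;
    if (c == "%") return false;
  }
  // A leading "//" is rejected.
  if ((l >= 2) && (url.charAt(0) == "/") && (url.charAt(1) == "/")) {
    return false;
  }
  return true;
}

/**
 * Writes one IMG tag for the given URL into the popup's open document stream.
 * Nothing is written when isValidUrl() rejects the URL.
 *
 * NOTE(review): the tag is emitted in three separate writes and every
 * exception is swallowed by the empty catch. encodeURI() is documented to
 * throw URIError for some inputs, so a failure after the first write would
 * leave a partially written tag in the stream with no error reported.
 * In real code, build the complete tag (or better, a DOM element) before
 * touching the document, and do not discard the error.
 * NOTE(review): encodeURI() is a URI encoder, not an HTML attribute encoder;
 * it should not be the only protection for text placed inside an attribute.
 *
 * @param {Window} w - popup window whose document is still open for writing
 * @param {string} url - value taken from the text field
 */
function addImg(w, url) {
  try {
    w.resizeTo(200, 200);
    if (!isValidUrl(url)) return;
    w.document.write("<img src=\"");
    w.document.write(encodeURI(url));
    w.document.write("\">");
  } catch (e) {
  }
}

/**
 * "ADD IMG" handler. Opens the popup and writes its document head on first
 * use, then appends an IMG tag for the current value of the text field.
 */
function exec() {
  if (!w) {
    w = window.open();
    w.document.write("<html><head>");
    w.document.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">");
    // The popup document is left open so later clicks can keep appending to it.
    w.document.write("<title>target<\/title><\/head><body>");
  }
  addImg(w, document.getElementById("i1").value);
}

/**
 * "finish" handler. Closes the popup's document stream if the popup exists.
 */
function finish() {
  if (w) {
    w.document.close();
  }
}
</script>
</head>
<body>
<form>
<input type="text" id="i1" value="">
<input type="button" onclick="exec()" value="ADD IMG">
<input type="button" onclick="finish()" value="finish">
</form>
</body>
</html>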

LinuxではXSSを可能にする文字が入力できないかもしれません（On Linux, it may not be possible to type the character that enables the XSS.）