Although sending an image in a chat application is not bad in itself, the user
sent the image by injecting HTML code. In a similar way, somebody could execute
What can we do? Applying the old rules about XSS attacks still works and is
the best practice. Things you can do are checking your code for HTML
or simply rejecting them.
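The two options above (checking a message for HTML and neutralising it, or rejecting it outright) can be sketched as follows. This is an added example, not code from the original text; the function names, the policy values and the 2000-character limit are assumptions made for illustration.

```javascript
// Added example: handling an incoming chat message on the server before it
// is broadcast to other clients. All names and limits are hypothetical.

const MAX_LENGTH = 2000; // assumed limit, not taken from the original text

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Option 1: neutralise markup so the browser displays it as plain text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Option 2 helper: detect characters that can open or close a tag.
function containsMarkup(text) {
  return /[<>]/.test(String(text));
}

// policy is 'escape' (default) or 'reject'.
function processChatMessage(raw, policy = 'escape') {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > MAX_LENGTH) {
    return { accepted: false, reason: 'invalid message' };
  }
  if (policy === 'reject' && containsMarkup(raw)) {
    return { accepted: false, reason: 'HTML is not allowed' };
  }
  // Escape in both modes so '&' and quotes are also safe to render.
  return { accepted: true, text: escapeHtml(raw) };
}

// Constructed sample messages.
const samples = ['hello everyone', '<img src="cat.png">', 'Tom & Jerry'];
for (const msg of samples) {
  console.log(JSON.stringify(msg), '->', processChatMessage(msg, 'reject'));
}
```

On the receiving page, assigning the message to an element's `textContent` rather than `innerHTML` gives a second layer of protection if a message ever reaches the client unescaped.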
more information if you want to learn every aspect of XSS attacks, and how to avoid