This page is designed to test the image alt attribute attack. The attack
sends signals on page load as part of the background image URL of
unblocked requests.
For uBlock Origin: uBlock Origin triggers the alt backgrounds only if
the element is blocked; unblocked requests load successfully. So we
point the URL to a real image. This way, the alt attribute is
triggered if the URL is blocked.
Attack Pros
This attack does not require any script. All scripts present in this
demo are strictly to help visualize the attack: one script connects a
service worker to act like the adversary server, and the other scripts
help visualize the attack parameters for the viewer.
This attack can be stealthy. At this moment, even without any attempt
to hide the images, many of the images we load are originally single
pixels and don't show up.
We make the attack boxes invisible by lowering the opacity and
allowing no events to pass through. This way, the attack can be hidden
from the user.
The attack works even if JavaScript is disabled.
Attack Cons
The attack is restricted to generic network rules.
The attack does not work on Chromium because of non-standard ways of
styling the alt attribute.