This attack is a form of Cross-Site Scripting (XSS) where malicious
						scripts are embedded in elements that are not expected to host scripts such
						as image tags (<img>), comments in XML documents (<
						!-CDATA->), etc. These tags may not be subject to the same input
						validation, output validation, and other content filtering and checking
						routines, so this can create an opportunity for an attacker to tunnel
						through the application's elements and launch a XSS attack through other
						elements.