Post comments by injecting code into your profile picture

This is a follow-on to this article about JS injection in foxnews.com. That article pointed out that…

A lot of websites have JS injection vulnerabilities and will run code embedded in URLs. This means if the website stores your data in cookies or localStorage thinking only you can access it, now this code can access it.