by *Emelia K. Fletcher » December 9th, 2011, 2:00 pm
You know that the image is displayed with <img src="URL here" />, right? That's part of HTML, the code that makes up all websites. If you've tried the Katamari exploit before (where you have a Katamari ball on your webpage), you'll know you enter code into the URL bar and press Enter. The same thing applies to HTML, except it doesn't execute anything, it shows it.
Like, typing <h1>Header!</h1> would put the word 'Header!' in big and bold font. The browser just reads the URL, finds HTML in it, and decides to show it.