I have recently been working in a security project and i have a task to demonstrate that javascript code injection can be done when the user upload an malicious image and this is a lack of security if it's not handled . what i did is i used EXIFeditorto inject the image with some javascript code and than i uploaded the image into the browser using this code

我最近在一个安全项目中工作，我有一个任务来证明当用户上传恶意图像时可以完成 javascript 代码注入，如果不处理，这是缺乏安全性的。我所做的是我曾经EXIFeditor用一些 javascript 代码注入图像，然后使用此代码将图像上传到浏览器中

 protected void Upload_File(object sender, EventArgs e)
{
    var postedFile = Upload_fu.PostedFile;
    string fileName=new FileInfo(postedFile.FileName).Name;
    string path = Server.MapPath("~/images/" + fileName);
    postedFile.SaveAs(path);
    Success_msg.Text = "successfully saved";
    img_sr.ImageUrl = "~/images/" + fileName;
}

Where img_sris an <asp:Imageand Upload_fuis <asp:UploadFilethe javascript code i've injected is a simple alert("Hello world")the problem is the code is not being executed. can u guys tell me how should i make it execute and can u show me some link that can give me a hint or something to make that happen .I tried it on firefox 21 and IE 9,I've posted my question in Infomation Security but no one answer ,I hope you guys can help .thank u

哪里img_sr是<asp:Image和Upload_fu是<asp:UploadFilejavascript代码我已经注入是一个简单的alert("Hello world")问题是没有被执行的代码。你们能告诉我我应该如何让它执行吗，你能告诉我一些可以给我提示或实现它的链接吗。我在 Firefox 21 和 IE 9 上尝试过，我已经在信息安全中发布了我的问题但没有人回答，我希望你们能帮忙。谢谢你