Checks for any escaping from the img tag attribute from encoded input without using double quotes
<img src="/image.png" tag="html($[chr])><iframe><!--">
if (document.querySelector('iframe')) {0x0D log($[chr]);0x0D }
1
1
1