possible XSS... ?

I am able to modify the following contents to include anything I want here besides double quotations:

<div style="background-image:url('/api/assets/##HERE##');"></div> 

Is there a XSS vulnerability possible here? I know it's possible with double quotes, but it seems like the only character that I won't be able to input - unless there is a way around it.

submitted by /u/coinfang
[link] [comments]

from hacking: security in practice https://ift.tt/TR35yxa