Try a meta tag
This crate is just a test, I'm trying to find if cargo.io and/or docs.rs may be vulnerable to XSS.
Try to hover this image
Try to execute javascript with src attr in img tag
<