
Is It Secure To Blindly Trust Image Urls And Output Them Into Html Img Tags On A Site? Can It Be Used To Inject Code?

I have to process a feed from a data provider. In this feed they provide us with image URLs; currently we download them and store them in our own media server, but I was wondering i

Solution 1:

Image URLs can of course point to scripts (with some URL rewriting), but there's no risk of a script being run from an image load. URL data is treated as binary image data, not as runnable text/script.

If it's a script, for your browser it's nothing more than a corrupted image file. So, no code injection risk. At least this is what I know.
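
Added example, not part of the original question or answer: when feed URLs are written straight into the page instead of being downloaded first, the URL string itself is untrusted input to the HTML. The sketch below validates the scheme and escapes the value before it goes into the `src` attribute; the function names and the HTTPS-only policy are assumptions made for illustration.

```javascript
// Added example: build an <img> tag from an untrusted feed URL.
// Function names and the allowlist policy are assumptions for illustration.

const ALLOWED_SCHEMES = new Set(["https:"]); // assumption: only HTTPS images are embedded

// Escape the characters that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Return a normalized absolute URL, or null when the feed value is rejected.
function validateImageUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw.trim()); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // rejects javascript:, data:, http:
  if (url.username || url.password) return null;       // no embedded credentials
  return url.href; // parser-normalized form (spaces and double quotes percent-encoded)
}

// Render the tag, or an empty string when the URL fails validation.
function renderImg(rawUrl, altText) {
  const safe = validateImageUrl(rawUrl);
  if (safe === null) return "";
  return `<img src="${escapeAttr(safe)}" alt="${escapeAttr(altText)}">`;
}
```

Escaping is applied even after validation because characters such as `&` and `'` are legal in a URL and survive normalization.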
