Menu
I'm working on an app that would allow people to enter arbitrary URL's that would be included in <a href="ARBITRARY URL"> and <img src="ARBITRARY URL" /> tags.
What type of security risks am I looking at?
The app is coded in PHP, and the only security countermeasure I currently perform is using PHP's htmlentities() function against the input URL before sending it as HTML. I'm also checking to make sure that the URL text starts with either http:// or https:// but I don't know if that's accomplishing anything, security wise.
What else should I be doing to ensure the security of my end users?
806
The <img> tag is used to insert an image into a document. This element must not contain any content, and does not need a closing tag.
Definition and Usage The <img> tag is used to embed an image in an HTML page. Images are not technically inserted into a web page; images are linked to web pages. The <img> tag creates a holding space for the referenced image.
The <img> tag has 2 required attributes - src and alt. The <img> tag may support (depending on the browser) the following image formats: jpeg, gif, png, apng, svg, bmp, bmp ico, png ico.
In HTML, you use the <img> tag to add images to websites. It is an inline and empty element, which means that it doesn't start on a new line and doesn't take a closing tag (unlike the paragraph ( <p> ) tag, for instance).
Take a look at the XSS Checklist.
125
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
