Is it secure to blindly trust image urls and output them into html img tags on a site? Can it be used to inject code?

后端 未结 1 947
独厮守ぢ
独厮守ぢ 2021-01-25 16:07

I have to process a feed from a data provider, in this feed they provide us with image URL, currently we download them and store them in our own media server, but I was wonderin

相关标签:
1条回答
  • 2021-01-25 16:34

    Image URLs can of course point to scripts (with some URL rewriting) but there's no risk to get a script run from an image load. URL data is treated as binary image data, not as runnable text/script.

    If it's a script, for your browser it's nothing more than a corrupted image file. So, no code injections risk. At least this is what I know.

    0 讨论(0)
提交回复
热议问题