As with anything from any user it should never be trusted. I would say whatever anyone submits you validate so if they are submitting a link, so submit an image I am guessing its being uploaded so make sure its an image thru validation of the field / data
Is that what you mean? K From: [email protected] [mailto:[email protected]] On Behalf Of goluhaque Sent: Saturday, April 16, 2011 12:17 PM To: [email protected] Subject: $this->html->image() vulnerabilities If somebody submits a link to a javascript script rather than a pic/image, will the function($this->html->image() ) block it automatically, or do we have to build our own checker for that? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
