Task: allow users to include images from another server in a web page.

What should be considered to make it safe?

How can I check that a link to a file leads to a working image that does not contain malicious code which, for example, would steal a user's cookie?

  • If the image is not an image, the browser will simply not display it. The browser will not execute the code inside the image - andreymal
  • And what about this: create a file img.php that outputs an image and malicious code. In .htaccess, via RewriteRule, we make img.php be served as img.jpg. Now example.com/img.jpg... looks like an image, but it contains malicious code. src in <img> accepts any link, even a link without an extension - Denis Heavenly
  • This “malicious” code will be executed on the server, not in the browser. It will not be able to affect the browser or the user in any way - andreymal
