Re: RE: $this->html->image() vulnerabilities

No, the image is not to be uploaded. Rather, it is to be linked. I mean, say the image is hosted at some other website at say, http://url.com/image/cheese.jpg . This link will be submitted but the user and will be stored in the db. On the profile page(assume it's a sig or an avatar), it is displayed by using $this->html->image()  . My question is that whehter the function only displays images(meaning to say that it won't allow the js script to be executed, if such a link has been submitted) or will it execute the js script? 

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php