cake-php@googlegroups.com

Re: $this->html->image() vulnerabilities

Subject: Re: $this->html->image() vulnerabilities
From: mark_story
Date: Mon, 18 Apr 2011 19:43:58 -0700 PDT
You should be checking your inputs, and HtmlHelper::image() will help
escape your output.  The helper will encode any entities in the
attribute values.  You should still check that things that are
supposed to be images are in fact images, and you should always be
careful with letting people add assets to your site.

-Mark

On Apr 16, 10:47 am, goluhaque <afzal...@xxxxxxxxx> wrote:
> If somebody submits a link to a javascript script rather than a pic/image,
> will the function ($this->html->image()) block it automatically, or do we
> have to build our own checker for that?
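
One way to implement the input check discussed in this thread, as an added example in plain PHP (not code from the thread or from CakePHP). The function names `isAcceptableImageUrl` and `renderImage`, the extension list, and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example: allow-list check for a user-submitted image URL before it
// is placed in an <img> tag. Names and sample inputs are constructed.

function isAcceptableImageUrl(string $url): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false; // malformed, relative, or host-less values
    }
    // Scheme allow-list: anything other than http/https is refused,
    // which covers javascript:, data:, file: and similar.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Extension allow-list, taken from the path only (query string ignored).
    // The extension is a hint, not proof: files stored on your own server
    // should also have their content type verified at upload time.
    $ext = strtolower(pathinfo($parts['path'] ?? '', PATHINFO_EXTENSION));
    return in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true);
}

function renderImage(string $url): string
{
    if (!isAcceptableImageUrl($url)) {
        return ''; // caller can substitute a placeholder image
    }
    // Output encoding: quotes in the value cannot close the src attribute.
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="" />';
}

// Constructed sample inputs.
$samples = [
    'http://example.com/cat.png',            // accepted
    'http://example.com/script.js',          // rejected: extension
    'javascript:alert(1)',                   // rejected: scheme, no host
    'http://example.com/cat.png?size="big"', // accepted, quotes encoded
];
foreach ($samples as $s) {
    $html = renderImage($s);
    printf("%-42s => %s\n", $s, $html === '' ? 'rejected' : $html);
}
```

The validation step and the encoding step are kept separate on purpose: the first decides whether the value is something the site wants to display, the second makes whatever is displayed safe inside the attribute.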
