I am creating a page wherein the user will specify the URL of an image. This URL will be stored in the DB, and then it will be retrieved back to display the image. So far it is good if the user is not trying to be mischievous.
But now, going by http://ha.ckers.org/xss.html, a user can also specify a URL which is actually a script.
<IMG SRC=javascript:alert('XSS')>
I tried this in a page but this didn't do any harm. [no alert is shown]
So the point is, do I really need to care what the user is specifying? If yes, then what are the cases/scenarios which I need to consider, and how do I do that?
As long as you get anything from an untrusted source, you need to take care of it. In this case, users can write some harmful code to break your HTML.
Also, user input should be handled with different approaches when it is used in different places, e.g. URL encode, HTML encode, JavaScript encode.
In summary, don’t trust user input!
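An added example, not part of the original question or answer: one way to handle a user-supplied image URL is to check the scheme against an allow-list before storing it and to HTML-encode it when writing the `src` attribute. The function names and the http/https-only allow-list are assumptions for illustration, and the sample inputs are constructed.

```python
import html
from urllib.parse import urlsplit

# Assumption: images may only be loaded from ordinary web URLs.
ALLOWED_SCHEMES = {"http", "https"}


def validate_image_url(raw):
    """Return raw if it is an absolute http(s) URL with a host, else None."""
    if not isinstance(raw, str):
        return None
    # Browsers skip tabs, newlines and other control characters inside a
    # scheme, so a value containing any of them (or a space) is rejected
    # instead of being "cleaned up".
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in raw):
        return None
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    # Allow-list the scheme; a block-list of "javascript:" misses data:,
    # vbscript: and whatever else a browser understands.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    return raw


def render_img(raw):
    """Return an <img> tag for raw, or None if the URL is not acceptable."""
    url = validate_image_url(raw)
    if url is None:
        return None
    # HTML-encode for the attribute context and always quote the attribute,
    # so quotes and angle brackets in the URL cannot end the attribute or tag.
    return '<img src="{}" alt="">'.format(html.escape(url, quote=True))


if __name__ == "__main__":
    samples = [  # constructed inputs
        "https://example.com/cat.png",
        "javascript:alert('XSS')",
        "JaVaScRiPt:alert(1)",
        "java\tscript:alert(1)",
        "data:image/png;base64,AAAA",
        "//example.com/cat.png",
        'http://example.com/a.png"><b>',
    ]
    for s in samples:
        print(repr(s), "->", render_img(s))
```

The last sample passes the scheme check but would break the markup if written out unencoded, which is why validation on input and encoding on output are both needed.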