I'm going to allow users to set an image with a link on my site, e.g. a profile picture and a profile link.
I will not let them upload said image, but let them give a URL that I will insert into an img src.
I want to do basic checks for the best-known XSS patterns someone may use my site for, but the thing is, I have no list of samples to check that my functions work. As it is, even if I write a fully RFC-compliant parser to check every aspect of the URL, I will still not know what I should guard against.
I would do the following:
The first one is to make sure no javascript:, vbscript: etc. URLs are allowed. The second one is to escape any character that can cause damage (like ", ', <, > etc.).
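The two checks from this answer (scheme allow-list first, then escaping for the attribute context) as an added Python example; this is not code from the original post, and the function names, the http/https-only allow-list and the rejection of any character that is not legal in a URL are my assumptions:

```python
import html
import string
from urllib.parse import urlsplit

# Characters permitted in a URL by RFC 3986 (unreserved + reserved + '%' for
# percent-encoding). Anything else (quotes, <, >, whitespace, control chars)
# is rejected outright rather than escaped.
_URL_CHARS = frozenset(string.ascii_letters + string.digits + "-._~:/?#[]@!$&'()*+,;=%")

# Only schemes that can legitimately serve an image are allowed; javascript:,
# vbscript:, data:, file: and scheme-less "//host/x" all fail this test.
_ALLOWED_SCHEMES = frozenset({"http", "https"})


def sanitize_image_url(raw, max_len=2048):
    """Return an attribute-safe version of raw, or None if it must be rejected."""
    if not isinstance(raw, str):
        return None
    url = raw.strip()  # surrounding whitespace is a classic scheme-check bypass
    if not url or len(url) > max_len:
        return None
    if any(ch not in _URL_CHARS for ch in url):
        return None
    try:
        parts = urlsplit(url)  # lowercases the scheme for us
    except ValueError:  # e.g. malformed IPv6 literal in the host
        return None
    if parts.scheme not in _ALLOWED_SCHEMES or not parts.hostname:
        return None
    # Only URL characters remain, but ' and & are legal in a URL, so escape for
    # the HTML attribute context before the value goes into src="...".
    return html.escape(url, quote=True)


def image_tag(raw):
    """Build the <img> tag, or return an empty string when the URL was rejected."""
    safe = sanitize_image_url(raw)
    if safe is None:
        return ""
    return f'<img src="{safe}" alt="profile picture">'
```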
Still a good resource for patterns, though a bit dated: http://ha.ckers.org/xss.html
Another great resource: http://html5sec.org