Do some browsers ignore image URLs with non-image (i.e. script) extensions?
I read that extensionless image URLs are generally acceptable with the correct content-type header set.
However, if a script generates image output and sets the content type, but the URL in the image tag is .php for instance, will any browser deny the request as potentially malicious?
For instance:
<?php
// myimage.php
header( 'Content-Type: image/jpeg' );
echo read_file_contents( 'someimage.jpg.in' );
and
<img src="myimage.php" />
No - a browser will not deny the request as potentially malicious.
A response header defining the content type is important for this approach.
Two examples:
A lot of financial sites use this approach to generate their stock charts dynamically, (but most of them switched to JS solutions).
The logo of the official PHP website is rendered that way.
http://php.net/images/logo.php
The response header contains "Content-Type:image/png".
And this is the source-code for it: https://github.com/php/web-php/blob/master/images/logo.php
- I got this error "Use of a direct database call is discouraged"
- PHP replace string with values from array
- How to Validate Bitbucket Webhook Signature Using Secret Key?
- Declaring Variable Types in PHP?
- How can I detect a malformed UTF-8 string in PHP?
- Use WC Kalkulator product field values to update WooCommerce cart item product properties
- What is the difference between strcmp() and Spaceship Operator (<=>)
- Validate UUID with Laravel Validation
- Artisan Call output in Controller?
- PHP Fatal error: Uncaught RuntimeException: Unable to create the Doctrine Proxy directory on SuiteCRM clean installation
- Xdebug not writing to file
- SUBMIT button value sent only when clicked
- Use integer for relation
- PHP switch case to update array not affecting array
- WooCommerce Orders and Items Array with JQuery DataTables
- Download file or Open if file type is PDF
- How to change default timeout of Http Client in Laravel
- PHP Symfony parse JSON response deserialize class constructor
- Initializing a huge array (50000 entries)
- Adding Tanstack react-query to laravel 11 reactjs inertia project
- Calling Python in PHP
- How to filter the output of the data received from the database based on the meta relation?
- Laravel 7 Eloquent relationships not working
- Virtual (generated) columns in Doctrine
- PHP Shorthand If/Else when using return
- Database Charset Environment After Migration
- How to get Blade template view as a raw HTML string?
- Display WooCommerce Product Dimensions via a Shortcode
- PHP CRUD JSON file instead of a database like mysql
- How to POST blob as a file using JavaScript?