Do some browsers ignore image URLs with non-image (i.e. script) extensions?
I read that extensionless image URLs are generally acceptable with the correct content-type header set.
However, if a script generates image output and sets the content type, but the URL in the image tag is .php for instance, will any browser deny the request as potentially malicious?
For instance:
<?php
// myimage.php
header( 'Content-Type: image/jpeg' );
echo read_file_contents( 'someimage.jpg.in' );
and
<img src="myimage.php" />
No - a browser will not deny the request as potentially malicious.
A response header defining the content type is important for this approach.
Two examples:
A lot of financial sites use this approach to generate their stock charts dynamically, (but most of them switched to JS solutions).
The logo of the official PHP website is rendered that way.
http://php.net/images/logo.php
The response header contains "Content-Type:image/png".
And this is the source-code for it: https://github.com/php/web-php/blob/master/images/logo.php
- How can I get a file's extension in PHP?
- Add a new class to img tag's class list
- Wrap <img> tag in a new tag and add alt attribute to the <img>
- Remove non-<img> tags from string
- Remove excess newlines/whitespace from multi-line <img> tag in HTML string
- Get whole img tag including its attribute declarations from a string
- Wordpress / Elementor How to pass data from one site to another
- Using WordPress post meta functions with array variables on WooCommerce orders
- Laravel casting JSON to array?
- Trying to match src part of HTML <img> tag Regular Expression
- smallest checksum on a string
- WordPress baseurl
- Get src value containing a specific keyword from all <img> tags
- Get src from square-braced shortcode text
- In Php what happens when an object fails to be instantiated?
- How can I get a href,Image src,title from given html using DomDocument
- extract image src value from special div in html file using php
- Use PHP composer to clone git repo
- Does php evaluate the second argument of an or statement if the first evaluates to false?
- PHP: Include/require file that was not properly escaped with <?php ?>
- PHP prefixing hex summation value with 1?
- Sort Array Keys To Specific Order
- Xdebug triggered by Code Sniffer in PHPStorm
- accept only english character in form validation in codeigniter
- How To Disable The WordPress Theme Editor
- PHP XLS Reader is writing extra columns
- laravel, how to set default value in Validator at post registeration
- Warning: mysqli_connect(): (HY000/1045): Access denied for user 'username'@'localhost' (using password: YES)
- Get one to many relationship in the pivot table of another many to many relationship in Laravel 11
- $_SERVER['HTTP_HOST'] not set