[thelist] Pop up images

Chris at globet.com
Mon Mar 27 09:19:34 CST 2006


Mark (et al)

[..]

> <a href="images/popup.htm?ColleenONiel-l.jpg" 
> onclick="popup(this.href, this.target,600,450); return false;">

This will degrade nicely for users without javascript.

[..]

> <script type="text/javascript">
> if (location.search.length > 0) {
>   // The image name is taken straight from the query string, unvalidated
>   var img = unescape(location.search.substring(1));
>   //alert(dataPassed);
>   document.write("<img src="+img+">");
> }
> </script></p>
> </body></html>

This will not. I would process the  server-side to ensure that
javascript is not required. I would also check that the image name
specified represents an actual image file available within the specified
directory, to prevent XSS attacks. What do you think?

Chris Marsh
Web Developer
http://www.globet.com/
Tel: +44 20 8246 4804 Ext 828
Fax: +44 20 8246 4808
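
The server-side check suggested in the message above, as an added example that is not part of the original post: the requested name is only ever compared against the real listing of the image directory, and the page is rendered without client-side script. It assumes Node.js; the function names and the temporary directory standing in for `images/` are hypothetical.

```javascript
// Added example (Node.js); function names and directory layout are assumptions.
const fs = require("fs");
const os = require("os");
const path = require("path");

const IMAGE_EXT = new Set([".jpg", ".jpeg", ".png", ".gif"]);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Return the file name if the query string names an image that exists
// directly inside imageDir, otherwise null.
function resolveImage(rawQuery, imageDir) {
  let name;
  try {
    name = decodeURIComponent(rawQuery.replace(/^\?/, ""));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  // Compare against the real directory listing: the request only selects
  // from names the server already knows; it never becomes a path itself.
  const known = fs.readdirSync(imageDir, { withFileTypes: true })
    .filter((d) => d.isFile() && IMAGE_EXT.has(path.extname(d.name).toLowerCase()))
    .map((d) => d.name);
  return known.includes(name) ? name : null;
}

// Build the popup page body server-side; no client-side script is needed.
function renderPopup(rawQuery, imageDir) {
  const name = resolveImage(rawQuery, imageDir);
  if (name === null) return { status: 404, body: "<p>Image not found.</p>" };
  const src = escapeAttr(encodeURIComponent(name));
  return { status: 200, body: '<img src="' + src + '" alt="">' };
}

// Constructed sample data: a temporary directory standing in for images/.
function makeSampleDir() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "popup-"));
  fs.writeFileSync(path.join(dir, "ColleenONiel-l.jpg"), "");
  fs.writeFileSync(path.join(dir, "notes.txt"), "");
  return dir;
}
```

Because the response is built only from a name found in the directory listing, a query string containing markup or path separators falls through to the 404 branch and is never echoed into the page.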
