You should be checking your inputs, and HtmlHelper::image() will help escape your output. The helper will encode any entities in the attribute values. You should still check that things that are supposed to be images are in fact images, and you should always be careful with letting people add assets to your site.
-Mark

On Apr 16, 10:47 am, goluhaque <afzal...@gmail.com> wrote:
> If somebody submits a link to a javascript script rather than a pic/image,
> will the function($this->html->image() ) block it automatically, or do we
> have to build our own checker for that?
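The two checks discussed in this thread, input validation and output escaping, shown as an added example that is not part of the original posts and is not CakePHP code. The function names and sample inputs are hypothetical, plain `htmlspecialchars()` stands in for the entity encoding the helper performs, and the bytes are assumed to have been fetched already by the caller.

```php
<?php
// Added example: helper names are hypothetical and all inputs are constructed.

/** Accept only absolute http(s) URLs; anything else (javascript:, data:, ...) is refused. */
function isAllowedImageUrl(string $url): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

/** Identify content by its leading bytes, not by file extension or claimed type. */
function sniffImageType(string $bytes): ?string
{
    $signatures = [
        'image/png'  => "\x89PNG\r\n\x1a\n",
        'image/jpeg' => "\xFF\xD8\xFF",
        'image/gif'  => 'GIF8',
    ];
    foreach ($signatures as $mime => $magic) {
        if (strncmp($bytes, $magic, strlen($magic)) === 0) {
            return $mime;
        }
    }
    return null;
}

/** Return an escaped <img> tag, or null when either input check fails. */
function renderUserImage(string $url, string $fetchedBytes): ?string
{
    if (!isAllowedImageUrl($url) || sniffImageType($fetchedBytes) === null) {
        return null;
    }
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
}

$samples = [ // constructed: [submitted URL, first bytes of the fetched content]
    ['https://example.com/cat.png', "\x89PNG\r\n\x1a\n" . str_repeat("\0", 8)],
    ['https://example.com/script.js', 'alert(1);'],
    ['javascript:void(0)', ''],
    ['https://example.com/a.png?x="y', "\x89PNG\r\n\x1a\n"],
];
foreach ($samples as [$url, $bytes]) {
    echo $url, ' => ', renderUserImage($url, $bytes) ?? 'REJECTED', PHP_EOL;
}
```

A signature check only covers the bytes you inspected; a remote URL can serve different content later, so storing and serving your own validated copy is the stronger design.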