aspose file tools*
The moose likes JSP and the fly likes Pixel image call/web bug and CSS/CSRF Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Pixel image call/web bug and CSS/CSRF" Watch "Pixel image call/web bug and CSS/CSRF" New topic
Author

Pixel image call/web bug and CSS/CSRF

Steven Colley
Ranch Hand

Joined: Feb 18, 2005
Posts: 290

Hello all....

I have a question.....

Given the two tags (pixel image call / web bug) bellow (which perform HTTP calls to other domains than the ones of the page that they are running).....

For what concerns CSS and CSRF......



- What is the REAL possibility of having logic embedded into the image GIF which is supposed to be delivered as part of the HTTP response?
- Could the browser end up running malicious code and crash the user's browser?
- any other threat here?



- What is the possibility of having logic embedded into the response?
- Could the browser end up running malicious code here?
- any other threat here?

Thank you in advance,

Saurabh Pillai
Ranch Hand

Joined: Sep 12, 2008
Posts: 507
A quick google and I found this link about http://ask-leo.com/can_a_virus_be_transmitted_in_a_picture.html.

I think, Javascript and CSS may contain a virus.

I have not seen many developers worry about this anyway.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Pixel image call/web bug and CSS/CSRF