识别码和img src属性 [英] Identification code and img src property
问题描述
<img alt="" name="Code_Verify" id="Code_Verify" align="top" src="/ipcast_os/login_auth/display_verify"/>
src是一个url,这个url会调用一个返回识别码图像的函数。
为什么src属性不是图像文件的路径?提前谢谢。
(我使用python和Django)
src is a url, and this url will call a function that it return a image of identification code.
why does the src property is not a path of a image file? thanks in advance.
(i use python and Django)
推荐答案
这两个项目是无关的。属性id只是唯一标识任何HTML元素。它的主要用途是通过JavaScript获取id的值的HTML DOM对象:
These two items are unrelated. The attributeidjust uniquely identify any HTML element. It''s main use is getting an HTML DOM object by the value ofid, by JavaScript:
myElement = document.getElementById(idValue);
现在,关于 src 属性。为什么它不是图像文件?只是因为它不一定是。首先,HTTP服务器可以使用索引文件和其他与URI相关的技术来隐藏真实的图像文件。我只解释一个案例,即索引文件。实际上,该URI可以是虚拟目录名称(虽然它不正确,请参见下文)。在服务器端的此目录中,您可以通过其名称模式将文件识别为索引文件,例如 index.html , index.htm 等(索引文件名的规则是可配置的)。实际上,这可能是图像文件,但您无法从URI中看到它。而且,它不必是图像文件。如果是服务器端脚本文件,它设置适当MIME类型的HTTP头,例如image / jpeg,image / png。
这里,您应该理解,对于Web浏览器,文件类型的文件名起最小的作用。实际MIME类型将在content-typeHTML标头中发送到浏览器。请参阅:
http://en.wikipedia.org/wiki/MIME [< a href =http://en.wikipedia.org/wiki/MIMEtarget =_ blanktitle =New Window> ^ ],
http://www.iana.org/assignments/media-types/image [ ^ ],
http://en.wikipedia.org/wiki/Content-type [ ^ ]。
最后,我需要解释一下'是什么'错误的 src =/ ipcast_os / login_auth / display_verify。这是一个非常糟糕的URI,它可能无效。事情是这样的:HTTP服务器应该只访问服务器主机的文件系统的那些文件,这些文件放在为该站点配置的根目录下的目录中。这是一个非常基本的安全问题。此URI从文件系统的根目录开始;看看前面的''/''符号。在任何情况下都不能使用绝对本地服务器的文件系统路径。想象一下,这个文件路径是有效的;它位于网站的根目录下。但是,如果您决定重新安置该网站该怎么办?它可以由托管服务提供商完成,而不会通知您;这将是一个非常合理的行动。您的所有网站可能会被销毁为不一致的状态。 URI应该是相对的,或者基于Internet方案,例如http://,ftp://,https://等。在这种情况下,目录路径将是相对于该网站的根目录。
另请参阅: http:/ /en.wikipedia.org/wiki/URI_scheme [ ^ ]。
Now, about src attribute. Why it is not an image file? Just because it does not have to be. First of all, HTTP servers can use index files and other URI-related techniques which hide the real image file. I will explain only one case, the index file. Actually, that URI can be the virtual directory name (it is incorrect though, please see below). In this directory on the server side, you could have a file recognized as index file by its name pattern, such as index.html, index.htm and the like (the rule for index file name is configurable). So, actually, this could be the image file, but you cannot see it from the URI. Moreover, it does not have to be an image file. If could be the server-side script file which sets the HTTP header of appropriate MIME type, such as "image/jpeg", "image/png".
Here, you should understand that for a Web browser, the file name of file type plays the minimal role. Actual MIME type is sent to the browser in the "content-type" HTML header. Please see:
http://en.wikipedia.org/wiki/MIME[^],
http://www.iana.org/assignments/media-types/image[^],
http://en.wikipedia.org/wiki/Content-type[^].
And finally, I need to explain what''s wrong with src="/ipcast_os/login_auth/display_verify". This is a really bad URI, and it can be invalid. Here is the thing: HTTP server should access only those file of the server host''s file system which are placed in the directories under the root directory configured for the site. This is a matter of very basic safety. This URI starts from the root directory of the file system; look at the leading ''/'' symbol. There are no cases where the use of absolute local server''s file system path can be useful. Imagine that this file path is valid; it is located under the site''s root. But what if you decide to relocate the site? It could be done by the hosting provider, without notifying you; and this would be quite a legitimate action. All your site may be destroyed into inconsistent state. The URIs should be either relative, or based on Internet scheme such as "http://", "ftp://", "https://", etc. In this case, the directory path will be the path relative to the site''s root directory.
See also: http://en.wikipedia.org/wiki/URI_scheme[^].
这篇关于识别码和img src属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
