I think that sort of url is fine as long as the ".." series doesn't
point back up above and out of the document root. If it does, and the
server allows it, then it is an enormous security hole, as it would
allow arbitrary execution of code anywhere on the server (although
privileges would still come into play)

HTH,

Barry

Anton Sherwood wrote:

>Nicholas Bodley wrote:
>
>
>><http://www.ottomansouvenir.com/Calligraphy/Calligraphy.htm>
>>
>>Most unfortunately (and frustratingly!) no images showed, in Opera 8.5. I
>>suspect that the URLs in the page source code might be at fault; they
>>contain "/../", which might not be standard. Perhaps editing those URLs to
>>their complete forms might make them visible; I didn't try.
>>
>>
>
>It works fine in Firefox. The source code looks ordinary enough.
>
>On my page http://www.ogre.nu/doodle/ do you see the colored background
>(green with yellow ripples)? That uses the same "../" syntax.
>
>
>



[Non-text portions of this message have been removed]