clone4 has asked for the wisdom of the Perl Monks concerning the following question:

Hi monks,
I've been using the module WWW::Mechanize for some while without encountering any problem, until now... I need to achieve a fairly simple task; here is the code:
use WWW::Mechanize;
$mech = WWW::Mechanize->new;
# fetch the page and print the HTML that came back
$mech->get('http://google.com');
print $mech->content;
But if the page returned includes an image tag such as
<img src="http://google.com/index.php?delete=google" />
the module will, once the image is loaded, get the link (executing the PHP actions), and $mech->content will then include the source of the page http://google.com/index.php?delete=google.

So, any ideas how to return the page, ideally still with WWW::Mechanize, without following the 'image links'?

Thanks

Re: Mechanize 'redirect' problem
by Anonymous Monk on Sep 17, 2008 at 18:32 UTC
    the module will, once the image is loaded, get the link (executing the PHP actions), and $mech->content will then include the source of the page http://google.com/index.php?delete=google.

    No it won't.

      brb, when I posted my answer I had been logged out... Anyway, it was worded wrongly: I need to stop Mechanize from executing the image src attribute. It is a web application vulnerability called CSRF, where if you have a web page www.guestbook.com/index.php?logout=true, and someone posts on that guestbook <img src="www.guestbook.com/index.php?logout=true">, anyone who views that page will be logged out, and that is what I need to somehow prevent.

        What makes you think that WWW::Mechanize implicitly follows the src= attributes of <img> tags? It doesn't even have a way to display images. Have you looked at the traffic that goes over the network?

        Maybe you can explain to us what problem you actually are trying to solve. This sounds very much like an XY Problem to me.

        and someone posts on that guestbook <img src="www.guestbook.com/index.php?logout=true"> anyone who views that page will be logged out, and that is what I need to somehow prevent

        Just a side note: if this is your web application, you can prevent this from happening, for example by using a kind of token. I do this in one of my webapps by adding a token to every link/form that changes something on the server. See Is your web application really secure? ("CSRF"). You can reduce the risk a little bit by checking whether a request was made with the POST method.
        If this is not your webapp then you'd have to contact the author =)
        Neither Firefox nor Opera can fully prevent you from CSRF at the moment, they both do different things to try it.
        But I also wonder why mechanize would load images.
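
The token check and POST check suggested in the last reply, as an added example that is not part of the original thread. It assumes one possible token scheme (an HMAC of the session id under a server-side secret); the secret, the session ids, the `csrf_token` parameter name and all helper names are hypothetical.

```perl
#!/usr/bin/perl
# Added example: reject state-changing requests unless they are POSTs
# that carry a token bound to the caller's session.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: server-side secret. Constructed value, for the demo only.
my $SECRET = 'constructed-demo-secret';

# Token derived from the session id, so a token from one session
# is useless in another and a third-party page cannot guess it.
sub csrf_token {
    my ($session_id) = @_;
    return hmac_sha256_hex($session_id, $SECRET);
}

# Comparison that does not stop at the first differing character.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Gate for anything that changes server state (logout, delete, ...).
sub allow_state_change {
    my (%req) = @_;
    return 0 unless uc($req{method} // '') eq 'POST';   # <img src> is always a GET
    return secure_eq($req{params}{csrf_token}, csrf_token($req{session_id}));
}

# Constructed requests: what the guestbook <img> tag produces vs. a real form.
my $sid = 'sess-1234';
my @requests = (
    [ 'GET from <img src=...?logout=true>', { method => 'GET',  session_id => $sid, params => { logout => 'true' } } ],
    [ 'POST without token',                 { method => 'POST', session_id => $sid, params => { logout => 'true' } } ],
    [ 'POST with another session\'s token', { method => 'POST', session_id => $sid, params => { logout => 'true', csrf_token => csrf_token('sess-9999') } } ],
    [ 'POST from the site\'s own form',     { method => 'POST', session_id => $sid, params => { logout => 'true', csrf_token => csrf_token($sid) } } ],
);
for my $r (@requests) {
    my ($label, $req) = @$r;
    printf "%-38s %s\n", $label, allow_state_change(%$req) ? 'accepted' : 'rejected';
}
```

Only the last request is accepted; the form that legitimately triggers the action would embed `csrf_token($session_id)` in a hidden field when the page is rendered.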