Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hide or mask images embedded in HTML #539

Open
evanp opened this issue Apr 3, 2013 · 1 comment
Open

Hide or mask images embedded in HTML #539

evanp opened this issue Apr 3, 2013 · 1 comment
Labels
api security webui
Milestone
Future

Comments

@evanp
Copy link
Contributor

evanp commented Apr 3, 2013

Images embedded in the HTML with a src on another server can give a poor experience if that server goes down. They can also be a privacy threat, using third-party cookies or IP logging to track remote users.

I see a couple of options here:

  1. Replace images in content with proxy URLs, as we do with images outside of HTML content.
  2. Hide images until a user clicks a "show images" link. I think email systems do this quite a bit.

There might be other options.
@larjona larjona added the webui label Mar 17, 2016
@strugee
Copy link
Member

strugee commented Jan 19, 2017

We should proxy URLs. That'll provide a more reliable experience if a remote server goes down, it avoids leaking metadata and it will also fix passive mixed content issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api security webui
Projects
None yet
Milestone
Future
Development

No branches or pull requests
3 participants
@evanp @strugee @larjona