Details

      Description

      Currently any link can be embedded using the img BBCode tag. This adds the possibility of embedding websites that collect HTTP headers, effectively compromising user IP addresses and referrer data (if referrer policy allows it) which could include the sid parameter. 

      A possible solution would be to allow board administrators to configure a white list of websites that the images can be embedded from.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              Drakath Drakath
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: