Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-16032

img BBCode is not secure

    XMLWordPrintable

Details

    Description

      Currently any link can be embedded using the img BBCode tag. This adds the possibility of embedding websites that collect HTTP headers, effectively compromising user IP addresses and referrer data (if referrer policy allows it) which could include the sid parameter. 

      A possible solution would be to allow board administrators to configure a white list of websites that the images can be embedded from.

      Attachments

        Activity

          People

            Unassigned Unassigned
            Drakath Drakath [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: