Wouldn't it be better if images could only be embedded from trusted hosts, e.g. 4p, imgur, flickr, etc.?
a) That makes it easier to eliminate "holes", such as a dead host or a deleted image (ImageShack), where part of a thread suddenly disappears
b) a bit of security? Emails probably don't do this without a reason ;) so maybe fetching an image from some weird 3rd parties should only start after consent is given, such as clicking on it, aka lazy loading + it would be nice if it showed the URL before visiting
[Stackoverflow] Allowing images from external sources opens doors to serious security exploits
I strongly recommend blocking non-Stack-hosted images in posts and messages going forward. The potential harm may not be severe, but it exists and there is no benefit to balance it out.
Reasons to leave them:
- To avoid inconveniencing editors of old posts, as we already do for HTTP images.
- Nothing else?
Reasons to block them:
- Eliminate potential dependencies on external resources, as we generally require.
- Prevent images from being changed without triggering an edit in Stack Exchange's system.
As an example, image host ImageShack once decided to use old, broken image URLs for advertising purposes.
- Avoid sending traffic to servers that may not want it.
As a consequence, if the server owner decides to prevent hotlinking (such as what happened with Photobucket), posts won't break.
- Prevent silent analytics of posts/tracking of users.
- Prevent phishing of user credentials with browser authentication dialog. (Some browsers prevent it, but IE, Edge, and in some cases Firefox, don't prevent it.)
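
A sketch of the policy proposed in this post, added here as an example and not part of the original post or the quoted Stack Overflow text: images from an allowlist of trusted hosts are embedded, and anything else becomes a click-to-load placeholder that shows the URL first. The host list, the function names and the `ext-img` class are assumptions.

```javascript
// Assumption: hosts the forum trusts; this list is illustrative only.
const TRUSTED_HOSTS = ['imgur.com', 'flickr.com', 'static.forum.example'];

// True when host equals a trusted entry or is a subdomain of one.
// Matching on a dot boundary means "imgur.com.evil.example" fails.
function isTrustedHost(host, trusted = TRUSTED_HOSTS) {
  return trusted.some((t) => host === t || host.endsWith('.' + t));
}

// Decide what to do with one image URL taken from a post.
function classifyImageUrl(src) {
  let url;
  try {
    url = new URL(src);
  } catch {
    return { action: 'reject', reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') return { action: 'reject', reason: 'scheme' };
  // "https://imgur.com@other.example/x.png" really points at other.example.
  if (url.username || url.password) return { action: 'reject', reason: 'userinfo' };
  const host = url.hostname;
  return isTrustedHost(host)
    ? { action: 'embed', url: url.href }
    : { action: 'click-to-load', url: url.href, host };
}

const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Rewrite Markdown images. Trusted ones become <img>; others become a button
// that displays the full URL and triggers no request until a click handler
// (not shown) swaps it for an <img>.
function renderImages(markdown) {
  return markdown.replace(/!\[([^\]]*)\]\(([^)\s]+)\)/g, (_, alt, src) => {
    const v = classifyImageUrl(src);
    if (v.action === 'embed') {
      return `<img src="${escapeHtml(v.url)}" alt="${escapeHtml(alt)}" referrerpolicy="no-referrer">`;
    }
    if (v.action === 'click-to-load') {
      return `<button type="button" class="ext-img" data-src="${escapeHtml(v.url)}">` +
        `Load external image from ${escapeHtml(v.url)}</button>`;
    }
    return `[image removed: ${v.reason}]`;
  });
}
```

Running the check on the server when a post is saved, rather than only in the browser, means untrusted URLs never reach the reader's page as `<img>` tags.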