DanXi icon indicating copy to clipboard operation
DanXi copied to clipboard
verified publisher icon DanXi-Dev

[Feature Request] Prohibit users from uploading images using custom image hosting services

Open ivanfei-1 opened this issue 2 years ago • 6 comments

  • The current discussed solution:

Images from image hosting services other than the official one will not be parsed. If a user uploads an image using markdown syntax, it will be rendered as an image reminding them to use the official image hosting service, or it will not be rendered at all.

  • Another alternative solution:

Automatically change the image URL to the official image hosting service link and upload it to the official image hosting service.

ivanfei-1 avatar Mar 24 '24 12:03 ivanfei-1

The current discussed solution

Solution to what? Why prohibit users from posting images hosted unofficially? To avoid bad guys sending such images to disguise as official content?

I think a reasonable and sound reason is that it is necessary to prevent direct loading of third-party content to avoid cross-site exploits and unwanted information gathering. Since loading an image will send a request to the server hosting the link, an attacker can collect information such as the IP of visitors with his own server.

Anyway, forget all my nonsense above. Please start by explaining why the change is necessary.

w568w avatar Mar 24 '24 15:03 w568w

  1. Content referenced by external links cannot be moderated.
  2. Loading arbitrary links increases attack surface and poses privacy & security risk. Regardless of whether done on client side or server side.

singularity-s0 avatar Mar 24 '24 16:03 singularity-s0

Ah, then I guessed almost right.

I think there are at least a few things that should be done:

  1. Warn user when he tries to post external images;
  2. One of the followings. ~~(I have no particular preference; up to you to decide)~~ (Decided):
    • Do not load any external links in a post;
    • ~~Show a placeholder image and user must manually allow it to be loaded and a clear warning is attached to it to avoid intentional screenshots by the evil guys;~~
    • ~~Provide a feature allowing users to re-upload all images to our server with one click when being warned.~~

w568w avatar Mar 24 '24 17:03 w568w

Just refuse to render external images. Users will see in preview that their external links are not being rendered so warnings may not be necessary. They can always save images and upload them manually, just like in any other software (WeChat, Lark, etc.)

singularity-s0 avatar Mar 25 '24 03:03 singularity-s0

and a clear warning is attached to it to avoid intentional screenshots by the evil guys

External content warnings do not relieve you of your responsibility to moderate content.

singularity-s0 avatar Mar 25 '24 03:03 singularity-s0

Since there are no disagreements here, I think we will take @singularity-s0's proposal.

However, I think that warnings and other notices (when uploading or loading external images) are necessary so as not to confuse the user about changes in the app's behavior. Not everyone reads the changelogs carefully!

w568w avatar Mar 26 '24 02:03 w568w

This feature has been finished by the backend. Close it.

w568w avatar Apr 01 '24 13:04 w568w