|
|
|
|
|
|
by jcparkyn
920 days ago
|
|
|
I would think that a fairly reliable fix would be "only render markdown links that appear verbatim in the retrieved HTML", perhaps with an additional whitelist for known safe image hosts. The signifiant majority of legitimate images would meet one or both of these criteria, meaning the feature would be mostly unaffected. This way, the maximum theoretical amount of information exfiltrated would be log2(number of images on page) bits, making it much less dangerous. |
|
|