Prevent a user from dragging and dropping images into the editor from their desktop


Well-known member
I had a user attempt to attach an image to a thread by simply dragging and dropping the image into the editor. The problem with that is, it doesn't show up but it still prints out the binary data of the image into the post, ie:

yourforumurl.tld/community/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAeAAAAFsCAIAAACbxP1hAAAgAElEQVR4nOy9d3Rb55X2q3zjjJuKSbEXsVNULy6yI8ex49gZ23HiEvcSx7ItWbJkSbZkWdVW772Qoth7A3tvIEBUogMECIAgARAg0ctBP23fPyAqnoy/WeuuOzPK5OpZ7+IiKULAOgB+2Od5n73PnMphbcmg8iqFdaq0a/vx/Dc37Xv1kx0vvrf5nc37Pt11/K1N3736ybYv[...and so forth....]
And in this case, that particular image is over 500,000 characters in length. This post made the html of the page it was on over half a meg in size.

In addition to the above, I was not able to edit the post in question. The editor simply returned a blank text box with nothing in it. Only directly accessing the post record via a database utility allowed me to actually see what had happened when the user complained that image attachments were broken.

Perhaps we could get a check for objects like these at the time of post submission? Or even something that would tell the user right when they drag an image into a post that they should use the image upload feature instead.


XenForo developer
Staff member
By default, the character limit will prevent this from going through.

Unfortunately, it's very unlikely that we can prevent that, as it's likely a very low level browser behavior.


Well-known member
What about a check for part of the text string
or would that get a bunch of false positives?


Well-known member
This is redundant with 1.2's Redactor editor (allows attaching images by drag & drop).