Prevent a user from dragging and dropping images into the editor from their desktop

Jesepi

Well-known member
I had a user attempt to attach an image to a thread by simply dragging and dropping the image into the editor. The problem with that is, it doesn't show up but it still prints out the binary data of the image into the post, ie:

Code:
yourforumurl.tld/community/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAeAAAAFsCAIAAACbxP1hAAAgAElEQVR4nOy9d3Rb55X2q3zjjJuKSbEXsVNULy6yI8ex49gZ23HiEvcSx7ItWbJkSbZkWdVW772Qoth7A3tvIEBUogMECIAgARAg0ctBP23fPyAqnoy/WeuuOzPK5OpZ7+IiKULAOgB+2Od5n73PnMphbcmg8iqFdaq0a/vx/Dc37Xv1kx0vvrf5nc37Pt11/K1N3736ybYv[...and so forth....]

And in this case, that particular image is over 500,000 characters in length. This post made the html of the page it was on over half a meg in size.

In addition to the above, I was not able to edit the post in question. The editor simply returned a blank text box with nothing in it. Only directly accessing the post record via a database utility allowed me to actually see what had happened when the user complained that image attachments were broken.

Perhaps we could get a check for objects like these at the time of post submission? Or even something that would tell the user right when they drag an image into a post that they should use the image upload feature instead.
 
Upvote 0
By default, the character limit will prevent this from going through.

Unfortunately, it's very unlikely that we can prevent that, as it's likely a very low level browser behavior.
 
What about a check for part of the text string
Code:
/data:image/png;base64,
or would that get a bunch of false positives?
 
Top Bottom