inline images, external to the wiki

5 views
Skip to first unread message

Jim Garrison

unread,
May 31, 2010, 9:10:08 PM5/31/10
to creole...@googlegroups.com
Today I was surprised to learn that Creoleparser, in its default
configuration, allows images hosted on external servers to be included
inline. Worse, there seems to be no way to disable this behavior.

I have two main concerns about this:

1. On our wiki, we want everything included in a given page's view to be
within the wiki system itself. There's no reason somebody should be
able to change the way a page displays to the user without an entry
being added to the site's "recent changes."

2. Privacy issues. What's to say somebody can't put a 1px image
designed specifically to track who goes to a page? On many pages, it
could sit there a long time before some one would notice.

(The Creole 1.0 spec says nothing about external images.)

At a minimum this should be explicitly documented, and users should be
able to disable external images. Even better, external images should be
disabled by default.

Thoughts?

- Jim

shday

unread,
Jun 1, 2010, 7:08:41 PM6/1/10
to creoleparser
Hi Jim,

I think your issues with privacy are greatly exaggerated. Take at look
the behavior of other major wiki engines like MoinMoin and Confluence.

That being said, your first point is valid, and it would be a fairly
easy feature to implement. Basically, some work on the
elements.ImageElement class is all that would be needed. It has an
emit() method that already receives a "link_type" parameter.

If you could, please submit a feature request on the project page:

http://code.google.com/p/creoleparser/issues/entry

Patches are welcome.

Regards,

Steve

Jim Garrison

unread,
Jun 15, 2010, 1:34:39 AM6/15/10
to creole...@googlegroups.com
Hi Steve,

On 06/01/2010 07:08 PM, shday wrote:
> Hi Jim,
>
> I think your issues with privacy are greatly exaggerated. Take at look
> the behavior of other major wiki engines like MoinMoin and Confluence.

[snip]

I've thought about this, and I think it really depends on the
application. If I visit an online forum, I expect any images to be
hosted externally, and for my browser to make a bunch of requests to
those servers. But if, hypothetically, Wikipedia were powered by
creoleparser, I'd be very disturbed that anyone could so easily get a
record of everyone who has visited a given page.

If we still disagree, it doesn't really matter, as you already seem
convinced that allowing the disabling of external images is a useful
feature. I have thus filed ticket #42, and will hopefully have a chance
to make a patch soon.

Also, for the record, Wikipedia has a page that lists a few other
reasons one may want to disable external images at
<http://en.wikipedia.org/wiki/Wikipedia:IMAGE#Inline_linking>

Regards,
Jim

Reply all
Reply to author
Forward
0 new messages