- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
This has happened once before and they reversed it. But they said this last time too:
The discussions that have happened in various threads on Lemmy make it very clear that removing the communites before we announced our intent to remove them is not the level of transparency the community expects, and that as stewards of this community we need to be extremely transparent before we do this again in the future as well as make sure that we get feedback around what the planned changes are, because lemmy.world is yours as much as it is ours.
Neat. Has anyone brought this up to the devs here or on github before?
I’m not sure, but anything doing Markdown parsing and allowing images to be embedded is vulnerable to this. I kind of doubt that the devs don’t know about this.
The alternative would be to download every image on the server and cache it until users start requesting the image files, rewriting the Markdown to link to the new image location. I can think of a few reasons why that’s not implemented.
Proxying all comments was implemented in the backend at some point, I’m not sure why this feature was removed again. I can’t find much in the repo history, you could ask the devs why the feature got removed if you’re curious.
you could safeguard against this on the client side by not loading images from untrusted sources. irc clients did this