Compatibility with secure image filter

Created on 11 May 2022, about 2 years ago
Updated 3 November 2023, 8 months ago

Problem/Motivation

Drupal core comes with input filter filter_html_image_secure, with the description "Restrict images to this site". It does what it says on the tin; restrict the use of img tags in HTML input to local images. Part of its check is to actually open the image file and determine its size (presumably just to see if it is an image). Of course, you will see the problem; as SFP relies on images being requested and downloading them on demand, the file will not be there yet on an environment running with SFP, the test will fail and the filter will conclude the file is not local. It substitutes a red cross icon.

Steps to reproduce

* Set up an input format with the "Restrict images to this site" filter.
* Create some content with an inline, local image on the origin site. Make sure this is a new image that will not be available on the development site.
* Transfer the database to the development site
* Clear caches on the development site
* Open the content on the development site. Notice how the image is replaced with a red error icon.

Proposed resolution

Not sure. I suppose the least we should do is document this behaviour somewhere, but preferably, we'd have a workaround. The secure image filter has an alter hook, that the filter module itself uses to put in the actual placeholder image. Maybe we can disable filter module's implementation and substitute our own that can take into account whether the image *is* local to the origin site. If we do so, I think it would be a good idea to add an option to allow this to be disabled, since it does seem fairly intrusive and may not be appropriate for all sites.

Remaining tasks

  • Reach consensus about the resolution
  • Create a merge request
  • Review
  • Merge

User interface changes

An option to handle the secure image filter is added to the configuration screen.

API changes

None.

Data model changes

None.

✨ Feature request
Status

Closed: outdated

Version

2.1

Component

Code

Created by

πŸ‡³πŸ‡±Netherlands eelkeblok Netherlands πŸ‡³πŸ‡±

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.69.0 2024