Re: Basic Remote Image to SSL Server

Out of curiosity, I did a little looking at available modules on CPAN.

For handling URLs in user posted content, URL::Transform might be of use.

Though, you might want to look at how HTML::Copy modifies URLs.

For serving the images, you could, as Corion suggested, create a local proxy script. Maybe you could use HTTP::Proxy. It does provide a mechanism for defining filtering. It's not clear if there's a way to to make it use a LWP::UserAgent::Paranoid object instead of a plain LWP::UserAgent object. But, I think you could enhance the new method to allow specifying that LWP::UserAgent::Paranoid be used instead. (Then submit a patch to the author for your enhancement.)

However, given the Javascript problem Corion mentioned and other possible malicious content problems, I think it would be a better idea to not display user submitted links as inline images, rather just make them clickable links. (This is how many other forum sites work.)

Comment on Re: Basic Remote Image to SSL Server

Replies are listed 'Best First'.
Re^2: Basic Remote Image to SSL Server by Beaker (Beadle) on Nov 12, 2016 at 13:03 UTC
Thanks for your response, lots to consider. Indeed there seems to be lots of valid reasons not to display remote images directly. Problem being; a potential member backlash if I take this functionality away. I was thinking of just having image uploads instead, like I have in other areas of the site. However, I'd need more server space and a solution for legacy content. For now I've converted the site to https and the pages in the forum with non https images will just break the ssl lock. Since images are considered passive this doesn't seem to trigger warnings in IE etc. It seems a number of other large forums I looked at are doing the same, half assed solution. I will put together a future project based on your suggestions.	[reply]

Replies are listed 'Best First'.

Re^2: Basic Remote Image to SSL Server
by Beaker (Beadle) on Nov 12, 2016 at 13:03 UTC

Thanks for your response, lots to consider. Indeed there seems to be lots of valid reasons not to display remote images directly. Problem being; a potential member backlash if I take this functionality away. I was thinking of just having image uploads instead, like I have in other areas of the site. However, I'd need more server space and a solution for legacy content. For now I've converted the site to https and the pages in the forum with non https images will just break the ssl lock. Since images are considered passive this doesn't seem to trigger warnings in IE etc. It seems a number of other large forums I looked at are doing the same, half assed solution. I will put together a future project based on your suggestions.

[reply]