© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
The security team discussed this a bit and we found this:
"Note that the Supported HTML Subset is limited. Also, if the text contains HTML img tags that load remote images, the text is reloaded." - http://
This suggests an <img> tag could specify a remote image. While Victor's bug originated from a user-driven interaction, if/when we support vcards, we'll want to be very careful about importing vcard data that will download remote content when displayed. Changing to non-richtext will future-proof us from this down the line.