From 406b6148f53faea413050b4c068d688399e9430c Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth <mmn@hethane.se>
Date: Tue, 17 Feb 2015 01:26:18 +0100
Subject: [PATCH] CSS: notice images no wider than 100%

We should actually not allow remote images to be given in the src attribute
because they can be used for tracking and other nasty stuff without being
seen by the enduser.

Also, allowing remote images linked like this won't work for users who run
plugins like RequestPolicy etc. anyway. A better method would be to make
them listed as attachments instead. Then we can use that subsystem for
making thumbnails to store locally, hotlinking sources and whatnot.
---
 theme/base/css/display.css | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/theme/base/css/display.css b/theme/base/css/display.css
index cfc644d96b..7d28cee8df 100644
--- a/theme/base/css/display.css
+++ b/theme/base/css/display.css
@@ -713,6 +713,10 @@ font-style:italic;
     overflow-y: auto;
 }
 
+.notice .e-content img {
+    max-width: 100%;
+}
+
 .notice-options {
     margin-bottom: 7px;
     margin-top: 12px;
-- 
2.39.5