Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Locks down image references to the host/domain of your site only, to prevent CSRF attacks, and avoid HTTPS mixed content errors.
In short: This input filter restricts image tags in HTML content submitted by users to your site.
Purpose
- Allow your users to use IMG HTML tags in posts
- while protecting against XSS attack vectors
- and using relative paths to allow the images to work on both http and https sites
Behavior
- This input filter finds all IMGs in a text, checks whether their
src
attribute is relative and points to an image under the Drupal root. - Images satisfying that requirement are retained and left alone.
- All other images are removed.
Project information
- Module categories: Content Editing Experience
- 32 sites report using this module
- Created by sun on , updated
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
7.x-1.0
released 12 July 2012
Works with Drupal: 7.x
✓ Recommended by the project’s maintainer.
Pre-release version: 7.x-1.1-beta1 released 28 Apr 2016 at 23:03 UTC
Development version: 7.x-1.x-dev updated 1 May 2016 at 14:23 UTC