Well, currently, one could add code like this:
to get an image into a post, privmsg or signature. Also possible would be:
or any other file, that responds with a picture. Any visitor's browser would therefore establish a connection with doman.tld and thereby reveal itself to the server at domain.tld. Depending on what information is integrated into id=dasjldaslkjdalskj now domain.tld also knows what post the visitor was loading, when and so on.
As a boad adminstrator you can stop this behavioir with "Content Security Policy" (CTS), but that would advice a visitor's browser to not load outside sources at all or report outside sources to the board admin but load them anyway. Both not necessarily behaviour you want.
So, by altering the behaviour of the bbcode "img" one could create a system that works like that:
- When a post, privmsg or signature with a tag that relates to outside source is saved and parsed the board accesses that resource, caches it.
- When the post, privmsg or signature in question is shown to a visitor, change the code so that the cached item is send instead. Re-download it to the server, if cache is to old.
- If it is an image suitable, even switch to inline-coding.
Obviusly, some limits should apply, for you wouldn't want someone to crash you board/server by posting
[video]http://doman.tld/hugefile.mpg[/video]and force the server to cache those files.