I’m making some changes to a site I run and with those changes I’m adding some additional functionality to the way people comment on the site. One big question I keep going back and forth on is whether or not to allow users of the site to upload images and embed videos in comment replies. On one hand, I like the idea of allowing them to insert images directly into the reply so they don’t have to leave the site to view the image. On the other hand, there’s a potential storage issue to consider (not a huge deal), spam, etc. The alternative would be to simply allow users to link to an image and I would require them to upload the image to a hosting service like imgur and then simply link to it in the comments. This comes with its own set of potential issues with people not using a hosting service for their images and simply hotlinking them in the comments. Users would need to click the link in the comments and be taken to a new tab/page to view the image. I’m also not a huge fan of the idea that if said 3rd party service ever shuts down, then there goes all the images on the site.
I’d appreciate any thoughts on the topic.
From a purely security standpoint, I’d not allow images, videos, or even HTML/JS in comments… too much potential for abuse, probability for inserting malicious code that can force a browser to download something without the user realizing that it’s happening. Strip out all HTML/JS with the exception of a few formatting or styling options.
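An added example, not part of the original replies: a sketch of the "strip everything except a few formatting options" approach described above, in Python because the site in question is built with Django. The tag allowlist and the names `CommentSanitizer` and `sanitize_comment` are assumptions made for illustration; images, links and all attributes are dropped, and plain text is re-escaped.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this sketch; the thread only says "a few formatting options".
ALLOWED_TAGS = {"b", "i", "em", "strong", "code", "blockquote", "p", "br"}
VOID_TAGS = {"br"}                  # no closing tag is emitted for these
DROP_CONTENT = {"script", "style"}  # the element's text is discarded too


class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # allowed tags still waiting for a close
        self.drop_depth = 0   # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.drop_depth += 1
        elif tag in ALLOWED_TAGS and not self.drop_depth:
            self.out.append(f"<{tag}>")   # every attribute is dropped
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
        elif tag in self.open_tags and not self.drop_depth:
            # Close everything opened since the matching tag, keeping output balanced.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data))   # text is always re-escaped

    def result(self):
        self.close()
        while self.open_tags:               # close tags the user left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_comment(raw: str) -> str:
    parser = CommentSanitizer()
    parser.feed(raw)
    return parser.result()
```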
It really depends on your site, IMO. There’s a security issue, as WolfShade addressed above. There’s also a community management aspect — images can be fun, and they can add to the discussion (we allow them here on SitePoint, for example!) but in the wrong hands they can also start to degrade the conversation. Just one more thing to consider.
Thanks. Yeah the abuse is the main thing I’m worried about. I’m not so much worried about the insertion of html/js as I built the site with Django and it has some good measures in place for blocking anything like that. Most of my worry is just with images getting out of control and posts becoming spammy, but on that same token I think the ability to insert images/video adds a lot of functionality which can be enticing to users. I would just need to of course moderate things and remove the spammy stuff and block users if necessary. I deal with end-users every day and I know a lot of them would have a hard time going to a site like imgur, uploading their image or pasting the link to an image and uploading it, grabbing the new URL and then coming back to my site to insert the link. Thanks for your thoughts. I guess whatever route I choose, I don’t have to be married to the choice. I can always decide to change the functionality later.