Update: after reading theorbtwo's post, I realized that allowing pictures at monk level only seems right. By level five (250XP), a user has been here long enough to know the rules and respect the Monastery. Therefore, that user will be entitled to have a picture hosted on Perl Monks. It is a great privledge, considering they are allowing users to upload 80kb onto the perlmonks.org server. If you allowed anyone with an account (including all those "Logged in once, no writeups") to post an image, you'd run out of space very quickly. Assuming that just a quarter of those "LIONW"s posted an image around 40KB, you'd have around 97MB of database that would be essentially useless.

You know, these days I would expect one should be able to move from Initiate to Monk in a week or less, hardly enough time to get to know the culture of this site, but that's not the problem. And what mousey was doing places no additional load on the server, apart from sending the characters required to write the HTML code that references a resource sitting on another server. The cost of pulling down that image to the client, from the Perl Monks server's point of view, is zero.

The reason is not bandwidth cost, more for legal reasons. Restricting the ability of people to reference material on other servers reduces the chances of vroom receiving nasty letters from clueless lawyers bent on copyright violations. By the time you're allowed to, you are supposed to know the rules.

I wrote the first patch to block the use of the <image> element and I suppose I can keep on adding to the code (it's just a regex) but I'd rather be doing something else. Because there are still other ways lying in the wings to circumvent the filter and get your picture on your homenode. If you are clever you can work it out. The pmdevils are discussing the best way to fix things once and for all.

<update> in response to FU (and tangentially tadman's post below), yes of course the obvious thing would be to use HTML::Parser or HTML::TokeParser and throw away anything that doesn't match a list of allowable tags. The only problem with this approach is that it is somewhat resource-hungry and the impact on the server will be hard to gauge. Of course, there is another approach that may be more light weight. It's more a question of sitting down and trying both appoaches. </update>