Locks down image references to the host/domain of your site only, to prevent CSRF attacks, and avoid HTTPS mixed content errors.

In short: This input filter restricts image tags in HTML content submitted by users to your site.


  • Allow your users to use IMG HTML tags in posts
  • while protecting against XSS attack vectors
  • and using relative paths to allow the images to work on both http and https sites


  • This input filter finds all IMGs in a text, checks whether their src attribute is relative and points to an image under the Drupal root.
  • Images satisfying that requirement are retained and left alone.
  • All other images are removed.

Project information