Don't render external images referenced by user-submitted content

[tromer]

The system currently allows <img a="..."> rendering of images stored in external websites. For example, https://grants.zfnd.org/proposals/575713843-zcash-sapling-offline-paperwallet-generatator automatically renders the image at https://raw.githubusercontent.com/ZcashFoundation/zecwallet/master/res/images/sapling%20paper.png.

This is bad website hygiene, for several reasons:

• It broadcasts the IP addresses and browser metadata of grant system users to those external websites, harming their privacy. (This is especially significant with anonymous money donations on the line.)
• The images may change externally, meaning for example that important parts of proposal could be retroactively changed without any records kept.
• Such images are a potential attack vector on users' browsers, and if they're external, filtering and forensics are infeasible.

This may also apply to other user-generated content, such as discussion comments.

[dternyak]

Hey @tromer,

Thanks for bringing this up! We'll discuss internally as to next steps. ZF Grants has extensive moderation tools in place to assist with taking down offensive UGC should images be changed after approval, but you bring up some great points nonetheless.

Greatly appreciate your time and input on this and the other issues you've opened 😁