Preventing pasting of remotely hosted images in CKEditor

In the previous post, I showed how to prevent a user from pasting Images from the Clipboard into CKEditor. This post is of a similar nature but is designed to ensure that users don’t paste images with URLs to external / internal applications.

This post is part of my XPages webmail tips series, and addresses a problem where, a user copies and pastes some HTML that includes images, from a webpage and pastes it into CKEditor for a message that is then sent via email. The recipient is then unable to see the image due to the fact they don’t have the same access as the author of the email.

The cause of problem is, when the image is pasted it is pasted as an img tag with a link to the location of the image on a server.
There is no guarantee that the email recipient can access the server that the image is located on. The server is possibly behind a firewall, OR if the HTML was copied from an internal system, then it is possible an external email recipient does not have access to that internal server.

Additionally even for Internal emails, if the html was copied from an XPages application and the copied image is located inside a Notes Document, the URL that is used for that image is only temporarily available by the Xpages Persistence service, and is only available to the user that copied the HTML.

The result of all of this is more complaints of “I can’t see any image”

Another CKEditor Plugin!

The solution is just a modified version of the CKEditor plugin in previous post. The plugin listens for pasted content, and strips out any remotely hosted Images.

Save the above javascript as a script library in your nsf, called ‘blockpasteimagelink’

Make sure to include the script library on your XPage, and then tell your InputRichText to use the plugin using the extraPlugins dojoAttribute. Here is a sample XPage:

Now let’s test it out, I would like everyone to know about the mythical Jackalope, so I will copy some info from Wikipedia!


Then I will paste it into my CKEditor, where I will receive a warning…


And after clicking ok, I can see that everything except the image has been pasted…



So we have now prevented some more cases whereby the recipient of an email will have trouble viewing images, it can be a little frustating for a user, but probably less frustrating that having to re-send an email, so I call that a win.

I had also intended on looking into the possibility of modifying the plugin so that upon pasting a remote image, the browser would try to download that image and then upload to the XPages server to be attached as an embedded image, however I haven’t looked into that yet!

In our system we have another CKEditor plugin which will allows users to paste image data from the clipboard, this is a nicer solution and I will cover that in the next post.

You may also like...

2 Responses

  1. sarab says:

    Thank you for this explanation.
    Actually, it works only when we paste images without simple uploads (text). I don’t know which change can I apply on your script to prevent pasting images even with simplle uploads.

    Thank you!

  1. November 15, 2016

    […] Preventing pasting of remotely hosted images […]

Leave a Reply

Your email address will not be published. Required fields are marked *