Support user-generated-content

[fredemmott]

• provide a way to whitelist URI schemes; for example, http, https, mailto, irc are likely fine, javascript is not. This should affect links, link reference definitions, and autolinks
• provide a way to specify rel="nofollow ugc" on all links, with no way to override from markdown content
• provide a way to to filter images (to avoid injecting example.com/trackme.gif); for example:
  • whitelist domains
  • switch them to a privacy-preserving proxy (which would need to avoid open proxy issues)
  • these should not be explicitly supported - instead a general mechanism should be implemented to allow people to implement whatever fits their needs the best

[atielking]

WIP from me!

[fredemmott]

A large part of this is now merged in - I need to dig through to see how much of " provide a way to to filter images (to avoid injecting example.com/trackme.gif)" is practical now