From 44d8168b011eea514b79bffe4e032b172f37aebe Mon Sep 17 00:00:00 2001
From: Felix Ableitner <me@nutomic.com>
Date: Wed, 11 Oct 2023 11:57:37 +0200
Subject: [PATCH] comments

---
 crates/routes/src/image_proxy.rs       | 2 ++
 crates/utils/src/utils/markdown/mod.rs | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/crates/routes/src/image_proxy.rs b/crates/routes/src/image_proxy.rs
index cd9932f28..d0bb7b417 100644
--- a/crates/routes/src/image_proxy.rs
+++ b/crates/routes/src/image_proxy.rs
@@ -25,6 +25,8 @@ async fn image_proxy(
   Query(params): Query<ImageProxyParams>,
   context: web::Data<LemmyContext>,
 ) -> LemmyResult<HttpResponse> {
+  // TODO: Check that url corresponds to a federated image so that this can't be abused as a proxy
+  //       for arbitrary purposes.
   let url = decode(&params.url)?.into_owned();
   let image_response = context.client().get(url).send().await?;
 
diff --git a/crates/utils/src/utils/markdown/mod.rs b/crates/utils/src/utils/markdown/mod.rs
index 62dec52f3..97ab3c384 100644
--- a/crates/utils/src/utils/markdown/mod.rs
+++ b/crates/utils/src/utils/markdown/mod.rs
@@ -77,7 +77,7 @@ mod tests {
                 "![My linked image](https://lemmy-alpha/image.png \"image alt text\")",
                 "<p><img src=\"https://lemmy-alpha/image.png\" alt=\"My linked image\" title=\"image alt text\" /></p>\n"
             ),
-            // Ensure any custom plugins are added to 'MARKDOWN_PARSER' implementation.
+            // Ensure spoiler plugin is added
             (
                 "basic spoiler",
                 "::: spoiler click to see more\nhow spicy!\n:::\n",