Comment 3 for bug 101828

Kit Blake (kitblake) wrote :

This limitation is something I noticed a while back and therefore made the Network Image code source. The underlying thinking in Silva is that there's no way for users to embed anything from another site that could be malicious. A user can link to anything, as both the link field and the link object do. But you can't, for instance, embed a foo.js file from another site in a document. Of course, if the user is a manager, that can be done in a code source template, and/or by adding a string field parameter, but via the 'normal' SMI interface it's not possible.

I'm not saying we shouldn't create the field, only that site managers need to be informed about the risk of abuse if they install the code source.

If we do create the field, users can drag and drop locations, images, and links from another browser window onto the field. No typos!