Anti-CSRF fix in img tag useless?
May 07, 2016, 10:13:13 pm

Good point:
http://www.simplemachines.org/community/index.php?topic=545700.0

Quote from: qc
However, it has always been and is still possible to include images with such an "action"-URL by simply pointing to an HTTP-redirect, e.g. [img]http://bit.ly/blabla[/img] with http://bit.ly/blabla redirecting to /index.php?action=DANGEROUS

In summary: this fix never worked, and should therefore be removed. The underlying problem that this fix was addressing should be fixed directly by e.g. introducing CSRF protection tokens where they are still missing (e.g. search).
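
The point of the post above, as an added example that is not part of the original post and is not SMF code: a filter that inspects only the URL written inside [img] next to a server-side token check on the action itself. The function names, the HMAC token scheme and the session secret are assumptions made for illustration.

```php
<?php
// Added illustration. Names and token scheme are hypothetical, not SMF's own.

// The style of check the post calls useless: it only sees the URL typed into [img],
// never the location an HTTP redirect later sends the browser to.
function img_url_looks_safe(string $url): bool
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    return !isset($query['action']);
}

// Per-session token bound to one action name, so a token issued for one
// action cannot be replayed against another.
function csrf_token(string $sessionSecret, string $action): string
{
    return hash_hmac('sha256', $action, $sessionSecret);
}

// Gate applied by the server to every state-changing request,
// regardless of how the browser arrived at the URL.
function request_allowed(array $params, string $sessionSecret): bool
{
    $action = $params['action'] ?? '';
    $sent   = $params['token'] ?? '';
    if (!is_string($action) || !is_string($sent) || $action === '') {
        return false;
    }
    // Constant-time comparison of expected and supplied token.
    return hash_equals(csrf_token($sessionSecret, $action), $sent);
}

$secret = bin2hex(random_bytes(32)); // constructed; would be stored in the user's session

// The URL filter accepts the shortener link from the post and rejects only the direct form.
var_dump(img_url_looks_safe('http://bit.ly/blabla'));
var_dump(img_url_looks_safe('/index.php?action=DANGEROUS'));

// What the server receives once the redirect has been followed: no token, so it is refused.
parse_str('action=DANGEROUS', $afterRedirect);
var_dump(request_allowed($afterRedirect, $secret));

// A link the forum rendered itself carries the session's token and is accepted.
$ownLink = ['action' => 'DANGEROUS', 'token' => csrf_token($secret, 'DANGEROUS')];
var_dump(request_allowed($ownLink, $secret));
```

The token check does not depend on what the posted image URL looks like, which is why it still holds when the request arrives through a redirect.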