
File link-feature should not allow external links
Closed, DeclinedPublic

Description

Author: steefy389

Description:
External links inside of files ([[File:...|link=http://...]]) have a high potential of abuse, as the link itself is only shown in the browser's link preview. If a transparent picture is used and positioned absolutely, every click on the whole page would lead to the possibly malicious link.

This happened in dewiki today: http://de.wikipedia.org/w/index.php?diff=prev&oldid=99889277 (Hidden by an admin)

Additionally, in contrast to normal links, where the reader knows that it is an external link, most users of Wikipedia click on an image to get to the description page and aren't expecting to end up on an external page.

So in my opinion this feature should be removed. If you need an external link on a file, it should be enough to put it in the caption.


Version: unspecified
Severity: enhancement
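As an added illustration (not code from this task or from MediaWiki's own edit filter), the following scanner flags the wikitext pattern the report describes: a File/Image link whose link= option points off-wiki, and, as an aggravating signal, CSS positioning that would let a transparent image cover the page. The sample wikitext and the example.invalid hosts are constructed; the external-scheme check approximates MediaWiki's $wgUrlProtocols list rather than reproducing it.

```python
import re

# [[File:Name.png|opt|opt|...]] or [[Image:...]]. The option body stops at the
# first ']', so a caption containing a nested [[link]] is only partly covered.
FILE_LINK_RE = re.compile(
    r"\[\[\s*(?:File|Image)\s*:\s*(?P<name>[^|\]]+)(?P<opts>(?:\|[^\]]*)?)\]\]",
    re.IGNORECASE,
)
# Off-wiki targets: scheme://host, protocol-relative //host, or mailto:.
# Titles such as "Help:Foo" contain a colon but no "//", so they stay internal.
EXTERNAL_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|//|mailto:)", re.IGNORECASE)
# Inline CSS that can make a (transparent) element cover other content.
POSITIONING_RE = re.compile(r"position\s*:\s*(?:absolute|fixed)", re.IGNORECASE)

# Constructed sample edit: one overlay with an external link, one internal link
# with a nested link in its caption, one protocol-relative external link.
SAMPLE = (
    '<div style="position:absolute; top:0; left:0; width:100%; height:100%">'
    "[[File:Transparent.png|link=http://example.invalid/|Caption]]</div>\n"
    "[[File:Logo.png|thumb|link=Main Page|A [[nested]] link in caption]]\n"
    "[[Image:Tool.png|link=//tools.example.invalid/|frameless]]"
)


def is_external_target(target: str) -> bool:
    """True if a link= value would be rendered as an external URL."""
    return bool(EXTERNAL_RE.match(target.strip()))


def find_external_file_links(wikitext: str) -> list[tuple[str, str]]:
    """Return (file name, link target) for each file link whose link= is external."""
    hits = []
    for m in FILE_LINK_RE.finditer(wikitext):
        for opt in m.group("opts").split("|"):
            key, sep, value = opt.partition("=")
            if sep and key.strip().lower() == "link" and is_external_target(value):
                hits.append((m.group("name").strip(), value.strip()))
    return hits


def assess_edit(wikitext: str) -> dict:
    """Summarise what a reviewer or edit filter would want to see for one edit."""
    links = find_external_file_links(wikitext)
    return {
        "external_file_links": links,
        "uses_absolute_positioning": bool(POSITIONING_RE.search(wikitext)),
        "flag": bool(links),
    }


if __name__ == "__main__":
    print(assess_edit(SAMPLE))
```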

Details

Reference
bz34541

Event Timeline

bzimport raised the priority of this task from to Lowest. Nov 22 2014, 12:14 AM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz34541.
bzimport added a subscriber: Unknown Object (MLST).

Every feature can be abused in one or another way. Do you have evidence that this is a widespread problem?

Not yet a widespread problem, but a serious security flaw, which should be solved before it becomes a widespread problem.

The {{click}} templates and ImageMap extension have the same 'problem'. It has always existed, it's just that it seems some nutjob has been using this a lot recently on wikipedia. en.wp has an editfilter for it at least.

Removing external links from images would break some things I suspect, but I have no idea of the exact impact.

steefy389 wrote:

Editfilter is a short term solution but I think this should be addressed in the long run (also for imagemaps).

Some links will be broken if this is changed, but as most pages that are likely to be a link target are also available via the interwiki map (https://meta.wikimedia.org/wiki/Interwiki_map), this shouldn't be much of an issue.

This feels like a WONTFIX to me.

External links on images are very handy for, say, download links, tools, links to other wiki sites, etc.

The problem here is not that much the external link on a picture, but the possibility to create a transparent overlay link.

Abuse of markup is always possible; that's why we have review and revert abilities.

What's at issue is not this feature, but ability to use a large portion of CSS to position things.

That's not likely to go away any time soon either, as all sorts of positioning hacks are used for maps and things legitimately.

a.d.bergi wrote:

This is obviously WONTFIX, positioning is needed. We can't prevent people from generating overlays, or we would have to disable much CSS, which breaks everything. Also, the problem is not specific to image links.

As long as we prevent XSS attacks, there is no security issue. Malicious domains should get blacklisted, and both textual and image external links will respect that list.

Mainframe98 subscribed.

It's been almost a decade and the consensus seems to be WONTFIX (better known as Declined on Phabricator).