Dragged and dropped images are referenced and not uploaded (e.g., from private mail.google.com link) #1050

Closed
gregschmit opened this issue Mar 29, 2023 · 2 comments

Comments

@gregschmit

Some users of one of my applications noticed something weird. A user would drag-and-drop an image from a Gmail message, and then after saving the message, that user could see the image, but no one else could. I inspected the page and saw that it was because it linked to mail.google.com/blahblah, so only that user who was logged in with the right Gmail account could view the image.

Is there a way to either reject dragged-and-dropped images, or to make Trix re-submit that image to active storage when the user drags-and-drops the image?

Steps to Reproduce

  1. Drag an image from a Gmail message into the editor.
  2. Save the message.
  3. Open up another browser (where you're not logged into Gmail) and notice that you cannot see the image.

Details

  • Trix version: 2.0.0
  • Browser name and version: Chrome 111.0.5563.110 (but tested on Firefox and Safari as well)
  • Operating system: macOS

@afcapel
Contributor

afcapel commented Mar 30, 2023

Trix does not store any images itself. You'd have to add some code integration with ActiveStorage if you want to store the image in the service. If you want to reject the paste, you can use the trix-paste event to inspect the pasted content URLs and show an error message to the user, if you want.

afcapel closed this as completed Mar 30, 2023

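
An added example, not code from this thread or from the Trix project, of the paste-time check suggested in the comment above: it scans pasted HTML for `<img>` URLs that resolve outside the application's own origins, such as the mail.google.com reference in the report. It assumes the `trix-paste` event carries the markup in `event.paste.html`; `findForeignImageUrls`, `watchEditor`, the `app.example` origin and the sample paths are hypothetical names and constructed values.

```javascript
// Added example, not Trix code.
// Return the <img> URLs in `html` that do not resolve to an allowed origin.
// `baseUrl` is the page URL, used to resolve relative src values.
function findForeignImageUrls(html, allowedOrigins, baseUrl) {
  const allowed = new Set(allowedOrigins);
  const foreign = [];
  // Regex scan so the function also runs outside a browser; accepts double,
  // single, or no quotes, and requires whitespace before `src` so that
  // attributes such as data-src are not mistaken for it.
  const imgSrc = /<img\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const match of html.matchAll(imgSrc)) {
    const raw = (match[1] ?? match[2] ?? match[3] ?? "").trim();
    // Inline data: images travel with the document, so they are not references.
    if (raw === "" || /^data:/i.test(raw)) continue;
    let url;
    try {
      url = new URL(raw, baseUrl);
    } catch {
      foreign.push(raw); // unparseable: report it rather than let it through
      continue;
    }
    if (!allowed.has(url.origin)) foreign.push(url.href);
  }
  return foreign;
}

// Hypothetical wiring: hand the offending URLs to `onForeignImages` so the
// application can show an error or strip the images before saving.
// Assumption: the pasted markup is available as event.paste.html.
function watchEditor(editorElement, allowedOrigins, onForeignImages) {
  editorElement.addEventListener("trix-paste", (event) => {
    const html = (event.paste && event.paste.html) || "";
    const urls = findForeignImageUrls(html, allowedOrigins, window.location.href);
    if (urls.length > 0) onForeignImages(urls, event);
  });
}

// Constructed sample input: one session-bound remote image, one image served
// by the application itself, one inline data: image.
const SAMPLE_PASTE =
  '<p>Hi</p><img src="https://mail.google.com/blahblah">' +
  "<img src='/rails/active_storage/blobs/abc/logo.png'>" +
  '<img alt="x" src="data:image/png;base64,AAAA">';
```

A client-side check like this only informs the user; the same origin test has to be repeated on the server when the content is saved, since a request can be sent without the editor.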
@jeremy
Member

jeremy commented Sep 12, 2023

Looks like the same issue as #1000 and #1081.
