2 files changed, 14 insertions, 6 deletions

diff --git a/static/js/src/text.js b/static/js/src/text.js
index f426255..6fe5c3c 100755
--- a/static/js/src/text.js
+++ b/static/js/src/text.js
@@ -25,9 +25,10 @@ function getImagesAsArray(text) {
   if (urls === null) return imgs
   for (var i = 0; i<urls.length; i++){
     var url = urls[i]
-    var urlWithoutParams = url.replace(/\?.*$/i, "");
+    var normalized = normalizeUrl(url);
+    var urlWithoutParams = normalized.replace(/[?#].*$/i, "");
     if (PicRegex.test(urlWithoutParams))
-      imgs.push(url)
+      imgs.push(normalized)
   }
   return imgs
 }
diff --git a/static/js/src/util.js b/static/js/src/util.js
index 2a3dc52..69740ff 100755
--- a/static/js/src/util.js
+++ b/static/js/src/util.js
@@ -18,11 +18,18 @@ String.prototype.trim = function(){ return this.replace(/^\s+|\s+$/g,'') }
 
 function normalizeUrl(url) {
     if (!url) { return url; }
-    var lowerurl = url.toLowerCase();
-    if (lowerurl.indexOf('http://') == 0 || lowerurl.indexOf('https://') == 0 || lowerurl.indexOf('ftp://') == 0 || lowerurl.indexOf('//') == 0)
-        return url;
+    var trimmed = url.trim();
+    var lowerurl = trimmed.toLowerCase();
+    if (lowerurl.indexOf('//') == 0 || lowerurl.indexOf('https://') == 0 || lowerurl.indexOf('ftp://') == 0)
+        return trimmed;
+    if (lowerurl.indexOf('http://') == 0) {
+        // On HTTPS pages, modern browsers will auto-upgrade or block insecure image loads.
+        // Prefer upgrading ourselves so hotlinked images render when the host supports HTTPS.
+        if (location && location.protocol == 'https:') return 'https://' + trimmed.substr('http://'.length);
+        return trimmed;
+    }
     var scheme = (location && location.protocol == 'https:') ? 'https://' : 'http://';
-    return scheme + url;
+    return scheme + trimmed;
 }
 
 function isCSSPropertySupported(prop){ return prop in document.body.style }