Vulnerability in EPiServer.Forms
A customer uses the ability to have a custom e-mail body for subscription emails, which works nicely (CMS 5 R2 SP1). However, they would like to put images in the email body. The problem encountered then is that because images selected in the editor will be rendered with paths relative to the site root, which will not work in the e-mail body.
Is there a way to insert an image with an absolute URI (like when inserting a link to an external site) without having to edit the HTML? The relative URI of an image selected can be prepended with http://.... to get an absolute URI, but this will cause an error in the image editor (not really a problem, but confusing for editors).
You can create your own SubscriptionHandler which inherits default behavior from EPiServer.Personalization.SubscriptionMail.
You should then override the FormatPageForBody method (use .NET Reflector to see how it's implemented by default), and then just add the http://siteurl to all image links.
When you're done, remember to set your handler as the default subscription handler in your EPiServer site.