Whilst removing a connect security vulnerability (ACDEV-514, ACDEV-516 ) we have encountered an obstacle in Confluence that prevents us completing this work and therefore closing this serious security hole.

Confluence currently assumes that the image placeholders are served out of confluence. For connect we require them to be able to be served out of the Addon.

The offending line is
CustomImageEditorMacroMarshaller line 104

                    writer.writeAttribute("src", context + imgUrl);

For connect we need this to not prepend with context for absolute URLs