diff --git a/app/conf/app.conf b/app/conf/app.conf
index e8c5731b1c..a124402eb6 100755
--- a/app/conf/app.conf
+++ b/app/conf/app.conf
@@ -2109,6 +2109,10 @@ service_view_path = /service/views
 # -----------------------------------
 purify_all_text_input = 1
+# Allow external URL references (eg. images) in HTML text input?
+# Leaving this enabled may be a security risk
+purify_allow_external_references = 0
+
 # -----------------------------------
 # Paths to other config files
 # -----------------------------------
diff --git a/app/lib/BaseModel.php b/app/lib/BaseModel.php
index d433bfd6c8..eb29837b77 100755
--- a/app/lib/BaseModel.php
+++ b/app/lib/BaseModel.php
@@ -551,7 +551,11 @@ public function purify($pb_purify=null) {
 	 * @return HTMLPurifier Returns instance
 	 */
 	static public function getPurifier() {
-		if (!BaseModel::$html_purifier) { BaseModel::$html_purifier = new HTMLPurifier(); }
+		if (!BaseModel::$html_purifier) {
+			$config = HTMLPurifier_Config::createDefault();
+			$config->set('URI.DisableExternalResources', !Configuration::load()->get('purify_allow_external_references'));
+			BaseModel::$html_purifier = new HTMLPurifier($config);
+		}
 		return BaseModel::$html_purifier;
 	}
 # --------------------------------------------------------------------------------
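Review bot: The comment on the new `purify_allow_external_references` setting reads "Leaving this enabled may be a security risk" while the shipped default is `0`, so the sentence describes the opposite state from the one the reader sees. Since the value is a 0/1 flag, the comment should say what each value does and warn on the non-default choice, e.g. `# Set to 1 to allow external URL references (eg. images) in HTML text input; 0 (default) strips them. Enabling this may be a security risk`. It would also help to state that the flag only governs embedded resources rather than hyperlinks, which is what the BaseModel change in this same commit actually enforces.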
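Review bot: The new `$config->set(...)` line negates the raw configuration value directly, so the policy depends on PHP truthiness of whatever `Configuration::get()` returns; if that is the string from the conf file (not visible here — please confirm), then `0`, an empty value and an absent key all disable external resources, which is the safe direction, but a value such as `false` or `no` would be truthy and silently allow them. Normalising once makes the intent explicit: `$allow = (bool)(int)Configuration::load()->get('purify_allow_external_references');` followed by `$config->set('URI.DisableExternalResources', !$allow);`. Note also that `URI.DisableExternalResources` only blocks external resource loads (img, embed and similar), not external `href` links, so the conf comment's "eg. images" scope is accurate and the docblock above `getPurifier()` should say that the returned instance is built once from `purify_allow_external_references` and cached in `BaseModel::$html_purifier`, so a configuration change is not picked up within the same request after first use.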