When viewing HTML, it can trigger loading from external sources and this can be used for deanonymisation.

• disable external sources. MessageView, based on QTextBrowser, does not by default support loading external sources, but it could be adjusted in the future and then the SafeHTMLParser would have to deal with this.
• have loading external sources load by clicking on them, with warning
• proxy settings should affect how the renderer loads external sources.