+
+[[madduck]]: I traced this down to `htmlscrubber`. If disabled, it works. If
+enabled, then `$safe_url_regexp` determines the URL unsafe because of the
+colon and hence removes the `src` attribute.
+
+Digging into this, I find that [[rfc 3986]] pretty much discourages colons in
+filenames:
+
+> A path segment that contains a colon character (e.g., "this:that") cannot be
+> used as the first segment of a relative-path reference, as it would be
+> mistaken for a scheme name. Such a segment must be preceded by
+> a dot-segment (e.g., "./this:that") to make a relative- path reference.
+
+The solution seems not to use colons.
+
+In any case, `htmlscrubber` should get a new regexp, courtesy of dato:
+`[^:]+($|\/)`. I have tested and verified this.
+
+[Commit/patch
+be0b4f60](http://git.madduck.net/v/code/ikiwiki.git?a=commit;h=be0b4f603f918444b906e42825908ddac78b7073) fixes this.
+
+[[done]]