On Mon, May 19, 2014 at 2:09 AM, dan-nl <dan.entous@gmail.com> wrote:
this is may be a long-shot, but what about allowing all files from the /images/ directory and excluding images from any other directory? the assumption being that icons and other "helper" images will come from directories other than /images/.

If you mean assets (stuff from bits.wikimedia.org), we don't show any of those, only uploaded files. Those are stored in directories with random (sha1-based) names.