That's not a solution. You have to guard against all image URLs, because every domain and path can steganographically encode bits of information. 'foo.com/image/1.jpg' vs 'fo.com/img/2.jpg' just leaked several bytes of information while each URL looks completely harmless in isolation. A byte here and a byte there, and pretty soon you have their name or CC or address or tokens or...
