I have a blog/cms package which allows images in a safe way, probably you could apply it to OpenACS. It just allows special tags which construct the url of the local image, avoiding the issue of user supplied urls. The tag is included in the main message content, and the content is run through ns_adp_parse. For instance an image tag looks like:
<image name="myimage" id="1"> and returns a formatted img tag.
In this case myimage is an attribute of the content item, the first one uploaded is given an id (really the sort order) of 1. If the image uploaded was named myjpg.jpg the src returned would look something like '/somepkg/files/[1234%23]/1234/myimage/1/myjpg.jpg' where /somepkg/files/index.vuh exists to get the actual content.
