Khan Academy: OPEN URL REDIRECT through PNG files

An abuse of the imageurl parameter when saving a CS program was able to create an arbitrary external redirect. We now validate the parameter before using it. I have found a way through which an attacker can use png files to redirect to malicious domain...