ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.
Here is a little backgound that may help us to understand where some of these mandates are coming from.
Why are external links banned (along with javascript and flash)?
As a security measure, eBay's Active Content policy is based on utilizing the industry standard "sandbox" feature that is now integrated into all modern browsers. When eBay turns on that feature in listing descriptions (the description being the only part of eBay's page where a user can add code), the default browser response is to block any content that can be used to inject malware. Nothing that opens inside that window can inject malware. Links were also blocked by the browsers under the industry standard "sandbox" rule.
However, sellers wanted to be able to link to their eBay stores, other items, feedback pages, Youtube videos, etc., so eBay opened a loophole in their security to allow links. But now that means a link can jump out of the secure page and open to a malware page. The workaround is to block all links that are not on eBay's white-list, or safe list. What you experienced was eBay employing a filter to match your image links against its white-list. Your links failed and were stripped as the description was loading.
Sandbox rules only address site-based injectable malware and have nothing to do with a secure "connection". So "Sandbox" rules have nothing to do with "https".
Why do we have the https issue?
The https issue arose when Google announced their Chrome browser would begin flagging pages with a input field (like a search field) as "insecure" if it was not delivered over a secure "https" connection; and would be blocking pages with mixed content— where a "secure connection" page included non-secure delivery of embedded content.
That was a double-whammy to eBay. Search pages and listing pages don't need to be secure, yet Google claimed they would be flagged. So eBay had to make all search and listing pages secure. That led to a problem with user-supplied content, and suddenly sellers would need to put all of their embedded content on secure servers to avoid having Chrome block that "mixed content". The one-click-away page was eBay's interim solution to allow sellers more time to update their content to comply with Google Chrome's requirements. As long as the non-secure content was not embedded directly within eBay's secure page, the browser would still allow linking out to the non-secure content.
@rarestfinds wrote:
You wrote: "But closer examination shows that the description is being modified on-the-fly during delivery. We see a flag at the end of the ebaydesc url that will turn on the filter: &oversion=ac757603"
I have no idea about filters eBay may use in transferring listing using http with or without an SSL/TLS. If you can, I (and I'm sure others too) would like to hear more about this and other filters and what they do and how that works.
I write filters for my tools to help sellers find and fix eBay violations, like Active Content and SSL issues. I try to base my filters on what I see eBay filters doing or what I read in the specifications that eBay happens to be using. This gives me a bit of insight into what they are doing and why they are doing it, but that is the extent of my knowledge of eBay "filters".
I can tell that a filter was used because eBay has modified the description based on a flag added to the end of the URL, although I don't know how that flag works.
I also know that eBay has added their own script to the bottom of all embedded descriptions to force links to open in a new page. That particular script is an interim patch that will help sellers until sellers can add the target="_blank" attribute to all their links (more about this later). At some point, eBay may remove that service and mandate sellers fix their listings, because providing that service to sellers creates a small security loophole in their own code.
@rarestfinds wrote:Also, you wrote, "The new page issue does not apply to links of any sort, even if the links are not SSL-secure."
Please explain. It contradicts what my observation is; I observed that links without SSL/TLS would trigger the separate description page...
Keep in mind that a link is different than an embedded object. An embedded object loads as part of the page, so an image thumbnail that loads directly into the page must be secure because it is loading into a secure page. But a link away from the page (to your larger image) does not need to be secure because it does not load into the same page. It already loads one-click-away.
You can test this by adding a simple link and will see the non-secure link does not trigger the SSL filter that hides your description. I have added a link to this listing. It links to a non-secure destination, yet the full description appears right there in the page on desktop, not one-click-away (remember, the link is already set to one-click-away by using the target attribute).
https://www.ebay.com/itm/382319752153
The fact that my sample link also violates eBay policy by linking to a non-eBay page is another matter. eBay should be demoting this listing for that violation. If eBay applies the same sort of filter that showed up in your listings, that link would be gutted and there might be no demotion.
@rarestfinds wrote:Also, you wrote, "A problem with links will occur if a secure page opens a non-secure page right there inside the listing, and that only happens when the target attribute is missing."
Are you talking about the target attribute eBay stripped from my HTML code, specifically the address of the large picture on my server? Please explain, thank you.
eBay stripped the "href" (hyperlink-reference, or URL, or destination) part of your code. The target attribute, on the other hand, instructs the browser how that destination should load: within the same page, in a new page, replacing the same page so the back-arrow rolls back history, that sort of thing. eBay requires the target attribute point the link to a new blank page (target="_blank"). That puts the destination one-click-away so that the non-secure content will not try to open inside the secure page. If it tried to open inside the secure listing page, the Chrome browser would likely block it.
@rarestfinds wrote:I can't see the point; whether I embed thumbnail pictures or the large pictures being downloaded. Both images are being downloaded and are under the sellers control and subject to abuse of eBay's policies by seller's operating outside eBay's rules. What's the difference?
The difference is embedding (sandbox safe) vs linking (suspicious), as I hope I have explained above.
@rarestfinds wrote:Ebay's policy to not allow thumbnail pictures to be used as links to download larger pictures is breaking the camel's back in my book.
So I created a compliant thumbnail gallery from one of your listings to show that it is possible to include larger photos. But of course, the limitation is that the photo will display no larger than the frame that holds it.
https://www.ebay.com/itm/222974274603
This is the tool where I created the gallery:
http://www.isdntek.com/csstools/photos.htm
There are a lot of user-definable attributes for constructing the gallery. The tool itself has a limit of up to 12 thumbnails per row and up to 10 rows deep. I would hope no one would create a gallery that dense. 
For your gallery, I picked 2 rows of 6 clickable thumbnails, and then chose a whole bunch of color, border, and shadow options because you had rich backgrounds and I love working with color. But you don't need to get that fancy.
Gallery space can be optimized when all photos are the same shape. When photos are a mix of orientations, the best cell shape is usually square. However, I decided the vertical presentation looked best for your gallery so that some of your photos would fully fill the cells, and the landscape photos are simply floated in the vertical space. Thus the landscape photos are not shown to best advantage.
For this type of gallery, I usually advise limiting the self-hosted image sizes to no more than 600-800px on the long side and compressing as much as possible. The determinant is that the image doesn't need to be any larger than the size allowed by the display mechanism. The shape of your photos and shape of the gallery can play a roll in determining the display size, so there's no pat answer to photo size.
