Hi! Recently, I’ve made a few clickbait links using OpenGraph meta tags and I’ve noticed that Discourse never shows the target URL, but instead relies on the spoofable meta tags to let a user know what they’re clicking on. For example, here’s a real article on The Verge:
However, if I copy and paste the tags into my own site, I can make a replica of the real article’s preview without any indication it’s not the original.
This seems dangerous because users can click on a “trusted site” and actually go to something completely different. I’m suggesting that instead of showing the article’s publish date, it shows the target site’s domain or a truncated URL.