My dicourse version is 3.5.0,and the content security policy is on.
I send a post like:
111<a href=”https://www.baidu.com/”>aa</a>
It finally show this after I commit.
When I click text ”aa”, it redirects to the website. And I want to edit the post, the link disappear.
Then when I tried to edit the post, the link disappeared.
What does this sentence mean?
From your description, it doesn’t look like an XSS attack.
Which composer mode do you use for editing? The rich text editor or markdown mode? There have been lots of improvements for the rich text editor in the past months. Does the same happen on try.discourse.org? If not, an update might fix this.