Hi Discourse,
Edit: I used to post my question under Post code or preformatted text.
In my self-hosted discourse, we have a WAF placed in front of installation. It has stricter rules by default which sometimes preventing users posting formatted code from creating. For example, edits contain /etc/init.d
is taken as security issue. My question is how the preformatted text feature itself ensure any sort of code XSS or attacking. Or discourse core protects the code submitted avoiding security issues? Am I safe to allow all of posts containing code snippet, so that I can adjust the WAF rules?
/etc/init.d/aaa.local Compatibility
Thanks!