Disable links in posts if there's an active spam flag

[cellio]

https://meta.codidact.com/posts/291174/291177#answer-291177

Spammers include links in their posts. The blatant ones show the raw URL; the more astute ones inject spam links that look like legitimate links by doing things like see the [documentation](http://spam.example.com). Is it feasible to suppress rendering links if the post has any active spam flags? I mean both the blatant ones and the stealthy ones: active spam flag = no active links (but for the raw ones you'd see the URL as text).

The primary goal is to prevent accidental clicks (could be spam or malware). A secondary goal is to take away any other benefits spammers get from active links (for example referrer counts).

I don't know how easy or hard this is, given that we're using libraries for Markdown rendering. I know we use different ones client-side and server-side, and the server-side one is the important one here. I don't really mind if the spammer sees the spam link in a draft post.

[ArtOfCode-]

Not trivial, but probably possible with a bit of work - needs investigation.

[cellio]

From a duplicate issue:

Proposal: if a post has a threshold number of spam flags, disable links. Because that could be confusing, also add a notice along the lines of "links have been removed pending human review" to the bottom of the post. Spam isn't the only problem case here (there's also malware), so I'd rather not say "spam" in the notice, but we can certainly wordsmith this.

As for the threshold: a single flag seems consistent with close votes and our current small size, but I don't know if that will always be true, so let's code it in a way that's easy to change later, or maybe even make it a site setting.

See there for more discussion.

[cellio]

Doing this on https://github.com/codidact/qpixel/issues/1381. Logged-in users will see the link (helps curation) and a post notice; logged-out users won't get links.