I found an issue about the markup config, any suggestions would be appreciate.

Step1, add below code to isso server config,

options = strikethrough, superscript, autolink
allowed-elements = img, blockquote, br, code, del, em, h1, h2, h3, h4, h5, h6, hr, ins, ul, li, ol, p, pre, strong, table, tbody, td, th, thead
allowed-attributes = src

Step2, In the website where you refer isso as comment fn, add below comment:
<a href=http://evil.com>clickmetochangethispassword</a>

Result: the comment was successfully rendered.

Expect: transform the a markup.