so I found that when requesting a user/account from a different host (e.g.
mastodon.technology), the `user.description` contains HTML that is not
rendered in the hitide UI.
The problem, is of course, including ("random") HTML from remote... Not sure
how dangerous this actually is...
A possible fix would be to `render::raw!()` this part of the HTML.
The responsible line is src/routes/mod.rs #1430 as of
c754ef892c49134efc5ea65a75dc8284bab5ff85 (master right now).
What do you think?
We certainly can't just embed untrusted HTML, but this is the same
situation as post content, which lotide sanitizes with ammonia before
returning in the API. Probably should do the same with user descriptions
and then it would be okay to render them