i had my profile all cute and customized and came back to see it a mess of html that wasn’t being rendered anymore, even tho it previously was. anyone know why? will we no longer be able to use html in profiles anymore? ☹
This is the commit/change that disabled it: turn on security options for commonmark
Being able to freely edit the html is fun, but it’s also unsafe and can easily be abused. I assume it was disabled to prevent issues before they can occur.
Especially after the exploit that took down LemmyWorld and some other big instances just a few days ago. I’d rather lose some bells and whistles on my profile than leave possible attack vectors open.
Stuff like that is typically a huge security risk that allows for various kinds of injections.
Unfortunately, the security risk is a huge with HTML.
