diff --git a/app/javascript/mastodon/utils/__tests__/html-test.js b/app/javascript/mastodon/utils/__tests__/html-test.js
new file mode 100644
index 000000000..ef9296e6c
--- /dev/null
+++ b/app/javascript/mastodon/utils/__tests__/html-test.js
@@ -0,0 +1,10 @@
+import * as html from '../html';
+
+describe('html', () => {
+ describe('unsecapeHTML', () => {
+ it('returns unescaped HTML', () => {
+ const output = html.unescapeHTML('
lorem
ipsum
<br>');
+ expect(output).toEqual('lorem\n\nipsum\n
');
+ });
+ });
+});
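Review bot: The inner suite label on the `describe('unsecapeHTML', …)` line is misspelled, so filtering test output by the function name will miss it; it should read `describe('unescapeHTML', () => {`. The single case also pins only the happy path. Since html.js now carries a warning that the result can be unsafe, a second case asserting that entity-encoded markup comes back as literal characters would document that the return value is text, not sanitized HTML. The input literal is garbled in this rendering, so the exact expected string cannot be confirmed from here.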
diff --git a/app/javascript/mastodon/utils/html.js b/app/javascript/mastodon/utils/html.js
index 5159df9db..247e98c88 100644
--- a/app/javascript/mastodon/utils/html.js
+++ b/app/javascript/mastodon/utils/html.js
@@ -1,3 +1,4 @@
+// NB: This function can still return unsafe HTML
export const unescapeHTML = (html) => {
const wrapper = document.createElement('div');
wrapper.innerHTML = html.replace(/
/g, '\n').replace(/<\/p>/g, '\n\n').replace(/<[^>]*>/g, '');
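Review bot: The added `NB` comment warns that the result can be unsafe but does not say why or what a caller must do, which is what the next maintainer needs. The strip `/<[^>]*>/g` removes only well-formed `<…>` sequences and runs before the `innerHTML` parse decodes entities, so the returned string can still contain markup characters. I would spell that out, e.g. `// NB: Returns decoded text, not sanitized HTML. Insert it only as text (textContent / React children), never via innerHTML or dangerouslySetInnerHTML.` Separately, parsing untrusted input by assigning `innerHTML` on an element created from the live `document` deserves a second look; an inert document from `new DOMParser().parseFromString(html, 'text/html')` would presumably serve the same purpose. The function body continues past the end of this hunk, so the return expression is not visible here.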