yeah user supplied html/css whatever is funky and fresh and also a massive issue in so many ways
@charlag sure, Gmail for example will strip a position: fixed so you can't overflow outside the email content section. I can't really tell if cohost strips anything since I don't have an account, but they seem to give users a lot of options so uhh, yeahh
imo there's also a big difference between clicking an email which then influences the screen, versus scrolling through a timeline where anything could show up (and mess with your cursor, for example)
@f0x I didn't use cohost and I don't know if I like them and I *also* think it's a bad idea but email basically works the same way: you sanitize scripts/style blocks/other stuff away and pray that CSP covers the rest
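
The sanitizing step discussed in this thread (dropping script/style blocks and inline styles such as position: fixed), as an added example that is not from any of the posters and not how Gmail or cohost implement it. The allowlists, the `sanitize` and `clean_style` names and the sample markup are assumptions made for illustration; the output is still meant to be served under a CSP that forbids script.

```python
import html
from html.parser import HTMLParser

# Assumed allowlists for this sketch; anything not listed is dropped.
ALLOWED_TAGS = {"p", "div", "span", "b", "i", "em", "strong", "a", "br"}
DROP_WITH_CONTENT = {"script", "style"}  # remove the element and its body
ALLOWED_CSS = {"color", "background-color", "font-weight", "text-align"}
CONSTRUCTED_SAMPLE = '<div style="position: fixed; top: 0; color: red" onclick="x()">hi<script>alert(1)</script></div>'

def clean_style(value):  # allowlist, so position: fixed never survives
    kept = []
    for decl in value.split(";"):
        prop, sep, val = (part.strip() for part in decl.partition(":"))
        risky = any(t in val.lower() for t in ("url(", "expression(", "\\"))
        if sep and prop.lower() in ALLOWED_CSS and val and not risky:
            kept.append(f"{prop.lower()}: {val}")
    return "; ".join(kept)

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return
        parts = [tag]
        for name, value in attrs:
            if name == "style":
                value = clean_style(value or "")
            elif name != "href" or not (value or "").lower().startswith(("https://", "http://")):
                continue  # drops on* handlers and javascript: links
            if value:
                parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append("" if self.skip else html.escape(data))

def sanitize(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()  # flush any text still buffered by the parser
    return "".join(parser.out)
```

An unclosed script or style tag leaves `skip` above zero, so everything after it is dropped rather than passed through.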