diff --git a/app/javascript/mastodon/utils/__tests__/html-test.js b/app/javascript/mastodon/utils/__tests__/html-test.js
new file mode 100644
index 000000000..ef9296e6c
--- /dev/null
+++ b/app/javascript/mastodon/utils/__tests__/html-test.js
@@ -0,0 +1,10 @@
+import * as html from '../html';
+
+describe('html', () => {
+  describe('unsecapeHTML', () => {
+    it('returns unescaped HTML', () => {
+      const output = html.unescapeHTML('<p>lorem</p><p>ipsum</p><br>&lt;br&gt;');
+      expect(output).toEqual('lorem\n\nipsum\n<br>');
+    });
+  });
+});
diff --git a/app/javascript/mastodon/utils/html.js b/app/javascript/mastodon/utils/html.js
index 5159df9db..247e98c88 100644
--- a/app/javascript/mastodon/utils/html.js
+++ b/app/javascript/mastodon/utils/html.js
@@ -1,3 +1,4 @@
+// NB: This function can still return unsafe HTML
 export const unescapeHTML = (html) => {
   const wrapper = document.createElement('div');
   wrapper.innerHTML = html.replace(/<br\s*\/?>/g, '\n').replace(/<\/p><p>/g, '\n\n').replace(/<[^>]*>/g, '');