Users can XSS via the field configuration.
Active
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Resolve #3313852 "Add xss filter"