fix(api): 🔒 Correctly put all URIs in profiles through proxy

utils/sanitization.ts

@@ -1,5 +1,6 @@
 import { stringifyEntitiesLight } from "stringify-entities";
 import xss, { type IFilterXSSOptions } from "xss";
+import { proxyUrl } from "./response.ts";
 
 export const sanitizedHtmlStrip = (html: string): Promise<string> => {
     return sanitizeHtml(html, {
@@ -129,6 +130,15 @@ export const sanitizeHtml = async (
                 }
             },
         })
+        // Rewrite all src tags to go through proxy
+        .on("[src]", {
+            element(element): void {
+                element.setAttribute(
+                    "src",
+                    proxyUrl(element.getAttribute("src") ?? "") ?? "",
+                );
+            },
+        })
         .transform(new Response(sanitizedHtml))
         .text();
 };