lemmy.world is a victim of an XSS attack right now and the hacker simply injected a JavaScript redirection into the sidebar.
It appears the Lemmy backend does not escape HTML in the main sidebar. Not sure if this is also true for community sidebars.
EDIT: as a demo, your web browser is probably telling you that it’s blocked a popup or something, you should see an alert I’ve injected
“I don’t have to know how to pilot an helicopter to say that if it’s crashed on the ground, the pilot doon goofed”
The pilot crashed on the field because the helicopter was misfunctioning, and it risked falling on a primary school.