- Detect HTML tags in description and
- Use a library to trim the markup down to a safe set of elements and attributes, stripping all remaining tags.
We probably only want to keep `<p>`, `<a href="">`, `<br />`, and possibly some basic formatting ones like `<b>`, `<i>` and `<em>` but no other attributes. We should also remove non-URL content in `@href`.
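
The allowlist proposed above, as an added example that is not code from this project. It uses Python's standard-library `html.parser` as a stand-in for the sanitizing library the text calls for; the names `sanitize_description` and `safe_href`, the http/https-only rule for `href`, and dropping the contents of `<script>` and `<style>` are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"p", "a", "br", "b", "i", "em"}  # the set proposed above
DROP_WITH_CONTENT = {"script", "style"}  # assumption: their text is dropped too
SAFE_SCHEMES = {"http", "https"}         # assumption: what counts as a URL

def safe_href(value):
    """Return the href only if it is an absolute http(s) URL, else None."""
    value = (value or "").strip()
    try:
        parts = urlsplit(value)  # the scheme comes back lowercased
    except ValueError:           # e.g. malformed IPv6 literal
        return None
    return value if parts.scheme in SAFE_SCHEMES and parts.netloc else None

class DescriptionSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # tag is stripped; its text is kept unless inside script/style
        if tag == "a":  # href is the only attribute that survives
            href = safe_href(dict(attrs).get("href"))
            self.out.append(f'<a href="{escape(href)}">' if href else "<a>")
        else:           # every other attribute is discarded
            self.out.append("<br />" if tag == "br" else f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:  # re-escape text so it can never become markup
            self.out.append(escape(data, quote=False))

def sanitize_description(html_text):
    parser = DescriptionSanitizer()
    parser.feed(html_text)
    parser.close()  # flush text buffered at end of input
    return "".join(parser.out)
```

The parser does not rebalance tags, so a stray `</p>` in the input passes through as-is; a maintained sanitizer library would normally handle that as well.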