Sanitisation is the process of filtering out potentially malicious code from user input.
The process usually involves removing HTML code that can be executed either on the server or in other users' browsers.
HTML elements like
<u> are harmless. But a
Lastly, there is a group of HTML elements that makes requests to external resources. Examples are <iframe>. An attacker can utilise the src attribute of these tags to make requests when the element is loaded.
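
The filtering described above, sketched as an allowlist sanitiser built on Python's standard html.parser. This is an added example, not code from the original page. The tag sets, the SAMPLE input and the names AllowlistSanitiser and sanitise are assumptions made for illustration, and the policy goes slightly beyond the text by dropping every attribute, not only src.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: formatting-only tags, attributes never kept.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br"}
# Elements removed together with everything inside them.
DROP_WITH_CONTENT = {"script", "style", "iframe"}
VOID_TAGS = {"br"}

class AllowlistSanitiser(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitised output fragments
        self.removed = []    # names of stripped tags, useful for logging
        self.skip_depth = 0  # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            self.removed.append(tag)
        elif self.skip_depth:
            return
        elif tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # src, on* and all other attributes are dropped
        else:
            self.removed.append(tag)     # unknown tag: markup removed, its text is kept

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT and self.skip_depth:
            self.skip_depth -= 1
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # re-encode text so it cannot become markup

def sanitise(html_text):
    """Return (clean_html, removed_tags). An unclosed dropped element discards the rest."""
    parser = AllowlistSanitiser()
    parser.feed(html_text)
    parser.close()  # flush text buffered at end of input
    return "".join(parser.out), parser.removed

# Constructed sample input, not taken from the page.
SAMPLE = ('Hi <u onclick="x()">there</u>'
          '<iframe src="https://tracker.example/p"></iframe>'
          '<script>track()</script> &lt;b&gt;')

if __name__ == "__main__":
    print(sanitise(SAMPLE))
```

The harmless <u> survives without its attributes, while the <iframe> and its src never reach the output, so no request is made when the sanitised markup is rendered.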