Because HTML and HTTP are heavily intermixed, this page has also some content of the HTTP security page.
User content / Sanitizing User Input
HTML is a programming language that can download and run script.
Therefore, you should be extremely careful with user-input or HTML content created by your users.
- Add a CSP to define the resources that you accepts