Remove all malicious HTML from your request before it reaches your application
None
Christopher Durtschi