An example:
              
              
1 like

That’s correct, otherwise there are a million markup exploits we are open to. I think that’s a default for the onebox…
I agree with not parsing the HTML, but passing it through Sanitize.clean might make it look better, e.g.
The extension integrates your Magento 2 store with the Stripe payment service.
              
              
8 likes

Sure that’s a good idea @zogstrip – I think you touched this last, for the prior round of Hacker One fixes?
              
              
3 likes

I’ve added HTML stripping to the description in the latest onebox. Should be deployed shortly:
https://github.com/discourse/onebox/commit/252c35dc97a5932cd689ce4a9d5fea265a2313fd
              
              
5 likes