Glossary

HTML sanitisation

HTML sanitisation — a term used across the Credicorp developer documentation, defined here for engineers integrating the public /public/v1 API.


Where it happens: server-side
Still escape: defence-in-depth

What it is

Sanitisation removes potentially unsafe markup — scripts, event handlers, disallowed tags — from HTML so it can be rendered without introducing an injection risk.

In the Credicorp API

The CMS page endpoint returns HTML that is sanitised on the server before it leaves the hub, so a consumer can render it. As defence in depth, still apply your own framework’s escaping and content-security rules at render time. See headless rendering.
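
One way a consumer could apply that second layer on a server-side render path, as an added example that is not Credicorp's code: a parser-based allowlist check that rejects anything unexpected, plus a Content-Security-Policy value to send with the page. The allowlists, the CSP string and the sample fragments are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed local allowlist; the hub's own sanitiser rules are not published on this page.
ALLOWED_TAGS = {"p", "a", "ul", "ol", "li", "strong", "em", "h2", "h3", "br", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)

# Example policy to send with any page that embeds the fragment (an assumption, tune per site).
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def safe_url(value):
    """Relative URLs pass; absolute ones must use an allowed scheme."""
    # Conservative: drop whitespace and control characters before reading the scheme.
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    match = SCHEME.match(cleaned)
    return match is None or match.group(1).lower() in ALLOWED_SCHEMES


class FragmentAudit(HTMLParser):
    """Records anything outside the allowlist rather than trying to repair it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.violations = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.violations.append(f"tag:{tag}")
            return
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.violations.append(f"attr:{tag}.{name}")
            elif name == "href" and not safe_url(value or ""):
                self.violations.append(f"url:{tag}.{name}")

    def handle_comment(self, data):
        self.violations.append("comment")


def audit_fragment(html):
    """Return a list of violations; an empty list means the fragment passed this check."""
    parser = FragmentAudit()
    parser.feed(html)
    parser.close()
    return parser.violations


# Constructed samples, not real API responses.
CLEAN = '<h2>Rates</h2><p>See <a href="/pricing" title="Pricing">pricing</a>.</p>'
DIRTY = '<p onclick="x()">Hi</p><a href="java\tscript:void(0)">go</a><script>1</script>'
```

Treat a non-empty result as a reason to withhold the fragment and log it, not as input to repair.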

Frequently asked questions

Is the CMS HTML safe to inject directly?

It is sanitised server-side, which removes disallowed markup, but apply your own render-time escaping as belt-and-braces.
