What it is
Sanitisation removes potentially unsafe markup — scripts, event handlers, disallowed tags — from HTML so it can be rendered without introducing an injection risk.
In the Credicorp API
The CMS page endpoint returns HTML that is sanitised on the server before it leaves the hub, so a consumer can render it. As defence in depth, still apply your own framework’s escaping and content-security rules at render time. See headless rendering.
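One way a consumer could apply this defence in depth before rendering, as an added example that is not Credicorp's code. The tag and attribute allowlists, the URL rule and the CSP string are assumptions for illustration, not the API's actual sanitisation policy.

```javascript
// Added example: fail-closed check of CMS HTML before it is rendered.
// ALLOWED_TAGS, ALLOWED_ATTRS, SAFE_URL and CSP are assumptions for illustration.
const ALLOWED_TAGS = new Set(['p', 'br', 'h2', 'h3', 'ul', 'ol', 'li', 'a', 'strong', 'em', 'img']);
const ALLOWED_ATTRS = { a: ['href', 'title'], img: ['src', 'alt'] };
const URL_ATTRS = new Set(['href', 'src']);
// Only https, site-relative paths and fragments; everything else is rejected.
const SAFE_URL = /^(https:\/\/|\/(?![\/\\])|#)/;
// Strict tag shape: lowercase names, double-quoted values. Anything else fails.
const TAG = /<(\/?)([a-z][a-z0-9]*)((?:\s+[a-z-]+(?:="[^"<>]*")?)*)\s*\/?>/y;
const ATTR = /([a-z-]+)(?:="([^"<>]*)")?/g;
// Response header to send with the page that renders the fragment.
const CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

function findViolations(html) {
  const violations = [];
  for (let i = html.indexOf('<'); i !== -1; i = html.indexOf('<', i + 1)) {
    TAG.lastIndex = i;
    const m = TAG.exec(html);
    if (!m) { violations.push(`unparseable markup at offset ${i}`); continue; }
    const [, closing, tag, attrs] = m;
    if (!ALLOWED_TAGS.has(tag)) { violations.push(`tag <${tag}>`); continue; }
    for (const [, name, value = ''] of attrs.matchAll(ATTR)) {
      if (closing || !(ALLOWED_ATTRS[tag] || []).includes(name)) {
        violations.push(`attribute ${name} on <${tag}>`);
      } else if (URL_ATTRS.has(name) && !SAFE_URL.test(value)) {
        violations.push(`URL in ${name} on <${tag}>`);
      }
    }
  }
  return violations;
}

// Returns the fragment unchanged if it passes, otherwise throws.
function assertRenderable(html) {
  const violations = findViolations(html);
  if (violations.length) throw new Error(`CMS HTML rejected: ${violations.join('; ')}`);
  return html;
}

// Constructed sample fragments, not real API output.
const samples = [
  '<h2>Rates</h2><p>See <a href="/pricing" title="Pricing">pricing</a>.</p>',
  '<p>Hi</p><img src="/a.png" onerror="x">',
];
for (const s of samples) console.log(findViolations(s));
```

The check rejects rather than repairs: a fragment that does not match the strict shape is not rendered, so a regression in the upstream sanitiser surfaces as an error instead of as live markup.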
Frequently asked questions
Is the CMS HTML safe to inject directly?
It is sanitised server-side, which removes disallowed markup, but apply your own render-time escaping as a belt-and-braces measure.