When this TRUST_DATA_AS_HTML setting is used, make sure that all data in the html is static (like in your example) or from a source that cannot be modified by users, otherwise you would be vulnerable for a Cross-site scriping (XSS) attack.
When this TRUST_DATA_AS_HTML setting is used, make sure that all data in the html is static (like in your example) or from a source that cannot be modified by users, otherwise you would be vulnerable for a Cross-site scriping (XSS) attack.