Prevent XSS attacks on HTML fields

Hello everyone.

We are currently doing some development on version 12 of Bloomreach CMS, and the security team has detected that it is possible to inject JavaScript with malicious intent using the HTML fields in contents. A solution that we came across would be removing the source option from that kind of field, but it is a very extreme measure.

Is there another way that we can prevent XSS attacks on those types of fields?

Thank you in advance!

You can configure what is allowed in an editor: