Marketplacer uses an inbuilt data sanitisation feature to protect your marketplace from cross-site scripting (XSS) attacks. This feature automatically cleans user input entered into text fields, ensuring malicious code cannot be injected into your marketplace.
Why it matters: Data sanitisation keeps your marketplace secure by preventing malicious scripts from running, while still allowing valid content to display safely.
Because of this, users may sometimes notice differences between what they enter in a text field and what is displayed after saving.
Data sanitisation is always enabled and requires no configuration.
What is sanitised
Currently, sanitisation applies to fields related to Adverts, including:
- title
- description
- comments
- specifications
- features
- notes
- booking terms
Additional user input fields will be included in future updates.
Impact on the user journey
Data sanitisation affects input whether a user:
- manually creates an advert
- imports adverts through integrations
- or an admin creates a text block using the page builder
Character changes
Some characters are HTML escaped, for example:
- & becomes &
- multiple spaces are reduced to one, with extra spaces replaced by
- < and > become < and >
- • becomes •
- ® becomes ®
- ™ becomes ™
- quotation marks become ‘, ’, and similar entities
Markup changes
HTML or Markdown markup is cleaned up to prevent unsafe or invalid code:
- <B> becomes <b>
- <br /> becomes <br>
- <script> tags are removed entirely
- missing <tbody> tags are inserted into <table> elements
- missing closing tags are automatically added
- <font> tags are removed
Other changes
Unwanted non-printing characters, such as Unicode 009E, are removed
Related articles