# Message sanitization

WIP! HTML characters are escaped by default when using [`.toHTML()`](https://emotettv.gitbook.io/emotettv/api-reference/parseemotes#tohtml). For now, if you need something more advanced refer to [DOMPurify](https://github.com/cure53/DOMPurify).