Run untrusted HTML through Text.HTML.SanitizeXSS.sanitizeXSS to prevent XSS attacks. WWW: http://github.com/yesodweb/haskell-xss-sanitize