Does anyone know of a good way to prevent users from using html tags, perhaps using Javascript? The restrictions under Settings > Security aren’t robust enough. We have found that we can inject iframe, span and other tags into many User fields (phone, link, RTF). We can use many, many validation rules for each field, but that’s pretty tedious. All thoughts are good thoughts, and thanks in advance.