It's not a fix, it's a security setting. You will/would get the same error if you posted html into a standard textbox.
I think most, if not all incorporate the use of regular expressions to help validate and remove harmful user entered data, or data that wish to disallow.