I think the description should allow HTML formatting elements like b, hr, h1...h7, ul, ol, li, tables, div, img, font, object, span, p, strong, br...
The list is long. Maybe one should think of excluding those that might be a security hole.
But how do you think it is possible to abuse that? Isn't there a parameter in the Kernel where I can explicitly allow elements and attributes? Then the administrator is able to decide what is permitted and what is not. I think this would be a better solution.
What do you think?