Does Zimbra sanitize the HTML input coming from users say like using HTML::Scrubber which prevents XSS to some extent?