I often get asked about validating inputs from WYSIWYG/Markdown editors, or simply find validation completely missing during audits... However, like all User Input, you cannot trust it. Validate and sanitise or XSS will appear!
https://securinglaravel.com/security-tip-validating-html-and/#Laravel