# Frontend Security

## HTML Content Rendering

Capell sanitizes CMS HTML content by default through `RenderHtmlContentAction`.
The default mode strips unsafe HTML and leaves Blade directives inert.

`CAPELL_RENDER_HTML_CONTENT_WITH_BLADE=true` is a compatibility escape hatch for
trusted, developer-authored content. Do not enable it for editor-controlled CMS
content in production, because Blade directives are evaluated server-side.
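
A pre-deploy check for the warning above, as an added example that is not part of Capell: it fails when a dotenv file sets `APP_ENV=production` together with an enabled `CAPELL_RENDER_HTML_CONTENT_WITH_BLADE`. The function names, the set of values treated as enabled, and the choice to flag any matching assignment in the file are assumptions; variables set outside the file are not inspected.

```shell
#!/bin/sh
# Added example (not Capell code): block a production deploy when the
# Blade compatibility escape hatch is switched on in a dotenv file.

# Print every value assigned to KEY ($1) in dotenv file ($2), one per line,
# with an optional "export " prefix, trailing "# comment", surrounding
# quotes and letter case normalised.
dotenv_values() {
    sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$1[[:space:]]*=[[:space:]]*//p" "$2" \
        | sed -E -e 's/[[:space:]]+#.*$//' -e 's/[[:space:]]+$//' \
                 -e 's/^"(.*)"$/\1/' -e "s/^'(.*)'\$/\1/" \
        | tr '[:upper:]' '[:lower:]'
}

# Return 1 when the file describes a production environment and any
# assignment of the flag is enabled; return 0 otherwise.
# Assumption: true, (true), 1, on and yes all count as enabled.
check_blade_flag() {
    dotenv_values APP_ENV "$1" | grep -qx 'production' || return 0
    if dotenv_values CAPELL_RENDER_HTML_CONTENT_WITH_BLADE "$1" \
            | grep -qxE 'true|\(true\)|1|on|yes'; then
        echo "$1: CAPELL_RENDER_HTML_CONTENT_WITH_BLADE is enabled in production" >&2
        return 1
    fi
    return 0
}

# Constructed sample .env, not taken from a real deployment.
sample=$(mktemp)
printf '%s\n' 'APP_ENV=production' \
    'export CAPELL_RENDER_HTML_CONTENT_WITH_BLADE="TRUE"  # legacy templates' > "$sample"
check_blade_flag "$sample" || echo "deploy blocked"
rm -f "$sample"
```

In a pipeline, call `check_blade_flag path/to/.env || exit 1` before the release step.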