Also take note that, in the mix here, we change variables to store in the database, and then when the description is viewed we convert the characters back so things view correctly.
We also only allow the HTML tags noted here:
Code:
Content visible to verified customers only.
You cannot use embed, object or script tags to try and embed malicious code; we simply do not allow this.