backdrop-contrib / metatag

Add structured metadata, aka "meta tags", for various pages on your site.
GNU General Public License v2.0

[UX] 'Sanitize' advanced setting missing help text #24

Closed (ghost closed 3 years ago)

ghost commented 5 years ago

The Drupal version has the following description/help text for the 'Sanitize' advanced setting:

"If checked, will ensure that metatag value output is encoded and text filters are processed."

The Backdrop version is missing this, which makes it hard to know what this setting does (IMO). Can we add it back in?

jenlampton commented 5 years ago

We need to reverse the text so the description tells people what happens when this setting is NOT enabled. The label itself should tell people what it does when it IS enabled.

"will ensure that metatag value output is encoded and text filters are processed."

Also, this statement isn't entirely true. All we're doing here is telling the modules that provide tokens that we want the safe versions of their tokens. Whether they choose to run text filters or just use filter_xss() instead is up to them. We can't really know that here.

In fact, "Sanitize meta tag text during token replacement" isn't entirely true either. The only bit we're cleaning up is the token value itself, not the rest of the meta tag.

How about something like:

Label: Sanitize token data to ensure meta tag text is safe
Description: When disabled, token replacements may return raw, unfiltered values.

Also, why is this not on by default? See https://github.com/backdrop-contrib/metatag/issues/36
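
The behaviour discussed in the comment above, modelled as an added stand-alone PHP example (not code from this thread or from the metatag module). `example_tokens()` and `example_token_replace()` are hypothetical stand-ins for a module's `hook_tokens()` and for `token_replace()`, and the sample title and pattern are constructed.

```php
<?php
// Stand-alone model; it does not load Backdrop. Function names are
// hypothetical stand-ins, and the sample data below is constructed.

// Token provider: it alone decides what "sanitized" means for its values.
function example_tokens(array $tokens, array $data, array $options): array {
  // Same pattern core token providers use to read the flag.
  $sanitize = !empty($options['sanitize']);
  $replacements = [];
  foreach ($tokens as $name => $original) {
    if ($name === 'title') {
      $raw = $data['title'];
      // This provider encodes with htmlspecialchars(), which is what
      // check_plain() wraps. Another provider might use filter_xss().
      $replacements[$original] = $sanitize
        ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
        : $raw;
    }
  }
  return $replacements;
}

// Token replacement: substitutes provider output only. Literal text in the
// pattern passes through unchanged, whatever the sanitize option says.
function example_token_replace(string $text, array $data, array $options): string {
  preg_match_all('/\[node:([a-z_]+)\]/', $text, $m);
  $tokens = array_combine($m[1], $m[0]);
  return strtr($text, example_tokens($tokens, $data, $options));
}

// Constructed sample: a node title with markup characters, and a meta tag
// pattern that mixes a token with literal text typed by the site builder.
$data = ['title' => '5" <b>Widgets</b> & more'];
$pattern = '[node:title] | Shop <News>';

foreach ([TRUE, FALSE] as $sanitize) {
  $value = example_token_replace($pattern, $data, ['sanitize' => $sanitize]);
  printf("sanitize=%-3s  %s\n", $sanitize ? 'on' : 'off', $value);
}
// With sanitize on, only the title is encoded; the literal "<News>" from the
// pattern is identical in both lines. With sanitize off, the raw title is
// returned as stored.
```

Run with `php example.php`; comparing the two printed lines shows which part of the meta tag value the setting actually affects.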