Attacker can inject html code in app
Steps to reproduce:
----------------------
1. Create a guide with name
amas<a href="http://phishing-site">Click here</a>
save it.
2. Go to mobile app and login to your account
3. go to your guides
4. you can see that the html code is converted in just "CLICK HERE"
Mitigation:
=======
properly escaped all html tags
POC SNAP:
=========
From security researcher Milan Solanki: