The prepare_value method in forms_model.php uses strip_tags() on fields that aren't "whitelisted" for HTML content. As a result, if someone submits content with a left angle bracket followed immediately by another character, this is interpreted as a tag and everything from this point is stripped from the input until a right angle bracket is found. There are times when users might use the left bracket followed immediately by another character in a non-code context (such as a "less than" comparison, which brought the issue to our attention). Furthermore, in some contexts (such as a support form) it might be desirable to allow users to submit any tags as non-interpreted text content. In this case, attempting to pass an exhaustive collection of allowed tags to the 'gform_allowable_tags' filter is an awkward and fragile solution.
Using an escaping function such as esc_html() or esc_textarea() rather than strip_tags() would sanitize the content while preserving all user input.
