Sanitising HTML when creating notes

Hi,

We’d like to forward our inbound emails to Pipedrive with a custom integration and create leads with notes containing raw email bodies.

How safe is that, as the body may be malicious (contain scripts, etc.)?

We want to manually create a note via API (for this we build our own integration) and the question is if the API actually sanitises the HTML we pass in the note body or not.

Best,