do csrf tokens protect HTML injection code example
Example: tina4 form token example
<form name="myForm">
<input name="someField">
<button>Submit</button>
{# Register a secure token in TWIG - it creates a hidden input with signed token#}
{{ "myForm" | formToken | raw }}
</form>