Board Thread:Code Review/@comment-4356266-20151008134915/@comment-24473195-20151011160457

I'm not sure why you're allowing anchor links there in the first place. If you opt to accept wikitext only, just use the action parse api (https://www.mediawiki.org/wiki/API:Parsing_wikitext).

It automatically sanitizes all the data, see (https://www.mediawiki.org/wiki/Manual:Parser.php#Description) for more information. It will also remove  (or escape) any anchor links as those aren't valid wikitext.

In my opinion allowing raw html is a bad idea.