The plain text is sanitized by escaping all the unsafe HTML characters such as '>', '<' and '"' characters using the Apache StringEscapeUtils. You can change this behavior by modifying the unmatched-content-type-action attribute for the tag Element-detection-pattern under the XSS conditions.
