The previous attempt didn’t work. Sanitisation is enabled on the application as shown in the app.js file found in the main project directory:
Instead of using HTML tags, perhaps think about how you could add a script as part of mark down - remember that the vulnerability exists in the marked library.