Standard considerations about security apply, the most critical is: are you inserting user generated content in the html component?
If yes you should assess if this can be a problem in your specific case.
Here is an example:
A custom plugin instead can avoid this kind of problem.