Protecting Your Cookies: HttpOnly

What I do not understand is why the browser is rendering that invalid HTML block.

Also the web application should validate the input and check if it’s valid HTML/XHTML and uses only the allowed tags and attributes. Moe and others seem to be thinking of the same thing.
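The allowlist check suggested in the comment above, as an added example that is not part of the original comments or article. The policy (`ALLOWED`, `VOID`, `SAFE_SCHEMES`), the names `AllowlistValidator` and `validate`, and the sample inputs in the comments are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for illustration; a real application defines its own.
ALLOWED = {"b": set(), "i": set(), "p": set(), "br": set(),
           "a": {"href", "title"}}
VOID = {"br"}                        # elements that never take an end tag
SAFE_SCHEMES = {"http", "https", ""}  # "" means a relative URL


class AllowlistValidator(HTMLParser):
    """Collects policy violations; it rejects input, it does not repair it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []   # currently open elements
        self.errors = []  # human-readable violations

    def handle_starttag(self, tag, attrs):
        allowed_attrs = ALLOWED.get(tag)
        if allowed_attrs is None:
            self.errors.append(f"tag not allowed: <{tag}>")
        else:
            for name, value in attrs:
                if name not in allowed_attrs:
                    self.errors.append(f"attribute not allowed: {tag}[{name}]")
                elif name == "href":
                    scheme = urlsplit((value or "").strip()).scheme.lower()
                    if scheme not in SAFE_SCHEMES:
                        self.errors.append(f"URL scheme not allowed: {scheme}")
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if self.stack and self.stack[-1] == tag:
            self.stack.pop()
        else:
            self.errors.append(f"unbalanced </{tag}>")


def validate(fragment):
    """Return a list of violations; an empty list means the fragment passes."""
    v = AllowlistValidator()
    v.feed(fragment)
    v.close()
    return v.errors + [f"unclosed <{t}>" for t in v.stack]

# Constructed inputs: validate("<p>Hello <b>world</b><br></p>") passes,
# while validate("<b>bold") reports the unclosed element.
```

Python's `html.parser` is lenient and does not parse exactly as a browser does, so a check like this belongs alongside output encoding rather than in place of it.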