Passing Script tags thru API

I have a custom app where the user on the front end can enter HTML in one of the input fields to pass it into the destination API. If we enter something like

This is my content

we can get it to pass using escapeHTML(parameters.header_html) on the backend of the app but if we try to pass a script then the API just returns forbidden even though we are passing the example script they give in their docs.

<script>console.log('foo')</script>

Seeing if there is a trick to get this to pass?
This is basically adding header content to a website thru the API so wanting to pass in Google Analytics Scripts and things of that nature.

div
es

@scott74 did you check the console on how the post looks like? Generally if the data is mapped in the app as parameter should be automatically escapped. Not sure if you need the second escapeHTML function.

If you can please share the post and the response screenshot. Does it work in postman or with the http module?

Hey @tiberiu … here is the request from the integromat chrome dev tools.

{

    "header_html": "<script>console.log('foo')</script>"
}

and response from the API

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>
{
    "type": "error",
    "array": "Message: \nError Code: ",
    "_engineData": {
        "calledAt": "Not available"
    }
}

It look ok from my perspective. Does it work in postman?