Comment by ozim
3 hours ago
I guess someone is doing a harness for that use case then. I was mostly thinking about payment transfer descriptions, which would mostly be more like a sentence. More about data lines like CSV, as that would be what is used in banking.
Lots of known attacks can be found with static analysis of text, even in long text blocks; finding "unexpected characters" or "white text on white background" will still prevent a lot of attacks, I believe. If you find any IOC in a text, just don't process the text: write it to a log file, document it, and let some person make a decision.
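An added example, not part of the comment above: a static check of CSV payment descriptions for "unexpected characters" that holds any flagged row for human review instead of processing it. The sample rows, the `description` column name and the choice of Unicode categories to flag are assumptions made for illustration; it covers only the character check, not styling tricks such as white-on-white text.

```python
import csv
import io
import unicodedata

# Constructed sample input: CSV payment lines (id, amount, description).
SAMPLE_CSV = (
    "id,amount,description\n"
    "1,120.00,Invoice 2041 March rent\n"
    "2,75.50,Refund\u200b order 5512\n"
    "3,10.00,Gift \u202etxt.exe\n"
    "4,42.00,Zażółć gęślą jaźń\n"
    "5,5.00,Note\U000E0041\U000E0042 for coffee\n"
)

# Unicode general categories treated as "unexpected" in a one-line description
# (an assumption of this example): Cc control, Cf format (zero-width, bidi
# overrides, tag characters), Co private use, Cn unassigned, Cs surrogates.
SUSPICIOUS_CATEGORIES = {"Cc", "Cf", "Co", "Cn", "Cs"}

def find_unexpected(text):
    """Return (offset, code point, category) for each flagged character."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.category(ch))
            for i, ch in enumerate(text)
            if unicodedata.category(ch) in SUSPICIOUS_CATEGORIES]

def triage(csv_text, field="description"):
    """Split rows into (clean, quarantined); quarantined rows keep their findings."""
    clean, quarantined = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        hits = find_unexpected(row[field])
        if hits:
            # Do not process: record what was found and leave it for a person.
            quarantined.append({"row": row, "findings": hits})
        else:
            clean.append(row)
    return clean, quarantined

if __name__ == "__main__":
    clean, held = triage(SAMPLE_CSV)
    for item in held:
        print("HOLD for review:", item["row"]["id"], item["findings"])
    print("processed ids:", [r["id"] for r in clean])
```

Legitimate non-ASCII text (row 4) passes, because the check keys on character category rather than on "anything outside ASCII".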