This module for Gallery 3 can be used to enable the XSS protection feature. By default, Gallery 3 encodes all user-entered HTML (i.e. <b>this is bold</b> is displayed as the literal text <b>this is bold</b>, tags included). With this module installed, HTML is sanitized and safe HTML is displayed (i.e. this is bold is rendered in bold).
This module may be downloaded from the Gallery-contrib git repository here
Click the download button. Extract the purifier module to your gallery3/modules directory.
Activate the module: Login -> Admin -> Modules. Check the box next to the HTML purifier module. Click update at the bottom of the page.
Once installed, HTML will be sanitized.
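The contrast between the default encoding and sanitizing, as an added Python illustration (not the module's code and not part of the original page). The allowlist, the function names and the simplified filter are assumptions made for this example; the filter only stands in for the purifier to show the behaviour.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this illustration; the module's real policy is not on the page.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}
VOID_TAGS = {"br"}                  # allowed tags that take no closing tag
DROP_CONTENT = {"script", "style"}  # tag and everything inside it are discarded

def encode_all(user_html):
    """Default behaviour: every markup character is encoded, so tags show as text."""
    return escape(user_html, quote=True)

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth == 0 and tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes are never copied to the output
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth == 0 and tag in self.open_tags:
            while True:  # close inner tags first so the output stays well nested
                inner = self.open_tags.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        if self.skip_depth == 0:
            self.out.append(escape(data, quote=True))  # text is always encoded

def sanitize(user_html):
    """Keep allowlisted tags (without attributes), encode text, drop the rest."""
    parser = AllowlistSanitizer()
    parser.feed(user_html)
    parser.close()
    while parser.open_tags:  # close anything the user left open
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out)
```

Calling `encode_all` and `sanitize` on the same comment text shows the two display modes side by side: the first returns the tags as visible text, the second returns bold markup with attributes and script content removed.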