We have multiple systems interacting with each other. There is a public facing website where customers enter text. There is a webservice that enters the text into a CRM database. As a good practice the text is being HTML encoded before forwarding it to the webservice. We have two applications reading this text one is a web application where we have code for HTML decoding. Another is a third party CRM which does not have the decoding code as a result of which it is displaying the HTML characters to the user.
I am trying to find a solution to prevent users from viewing the HTML characters. CRM is a third party application and in production so everyone is reluctant to make any changes to the CRM.
Is there any other solution? One proposal is to decode the text before entering it to the CRM database. Is this a good solution or are there any other.