Code review comment for lp:~tblue/quam-plures/bug13_fix_credits_disp

I just have a few quick questions on this one:

Should we be formatting the output to allow all html or should we be restricting it to only allow a limited amount or none at all?

If it is to allow all html but not let it get messed up with bad encoding and/or bad html (as the description of the branch admittedly says) then all is cool and I can approve. However, I have just embedded a youtube video in the long description of a plugin which appears in the credits page via an iframe which seems a little wrong to me. I could embed anything in that iframe really.

Also, all of these things apply to the admin as well. None of the descriptions etc have the 'format_to_output' applied to them in the admin code. Admittedly it is not as bigger problem as the admin is limited in access but still - the youtube videos still display.