Blocking HTML in Forms (XSS Prevention)
Attackers often inject Javascript and HTML into forms to gain access to admin areas, exfiltrate data from other users, or delete resources on your site.
This rule catches forms that contain HTML and Javascript at the WAF level before they're pushed into your application. This is disabled by default, as you may currently be depending on this in your application.