I don’t think it is a job for SummerNote to strip harmful code, it is something that you should do on the server-side. SummerNote does not generate harmful code, in most cases harmful code is being posted to your server by bypassing the form. You probably want to create a custom server action that will cleanup the html before inserting it in the database.