To reduce XSS risk in user-generated content, whitelist only essential tags such as <b>, <i>, <p>, <ul>, <ol>, <li>, and <a>, and restrict <a> to attributes such as href, title, and target, accepting only href values that match safe URL patterns. Avoid tags and attributes that allow JavaScript execution, such as <script> and onclick, and limit the permitted CSS properties if the style attribute is allowed.