No matter how hard you try, Facebook strips or text-renders any HTML code you inject into a message. You can put HTML code in Facebook messages, but it's going to come out looking like code on the other end instead of changing the text appearance. Facebook has restricted HTML input in messages as far back as the initial developer API.
Using HTML on Facebook
Your HTML skills aren't useless on Facebook; they're just not very useful. You can use HTML functions to images and links in messages by clicking the "Add Files" or "Add Photos" button and by pasting a URL. Users can use some basic markup in the Notes feature to format text with bold, italics and underlines and to organize lists. Before Facebook's email and messages clients merged, it was possible to include HTML markup in an email on Facebook, but at the time of publication, the Expand feature used to view HTML-formatted emails is no longer available.
Concerns on the Back End
Users who inject broken code cause problems for any website. A missed closing tag or quotation mark can ravage a Web page's format and disable interactive features. Advanced features like scripts open the site up for cross-site scripting, which is a major security concern.