Don’t try to sanitize input
Every so often developers talk about “sanitizing user input” to prevent cross-site scripting attacks. This is well-intentioned, but leads to a false sense of security, and sometimes mangles perfectly good input.
Source: “Don’t try to sanitize input. Escape output.”, an article by Ben Hoyt.
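The two failure modes named in the excerpt, as an added example (not code from Ben Hoyt's article): a tag-stripping input filter mangles legitimate text and still leaves an attribute context exposed, while escaping at output time preserves the data and encodes it for the context. The function names and sample strings are hypothetical and constructed for illustration.

```python
import html
import re

# Hypothetical input-time "sanitizer": deletes anything that looks like an
# HTML tag before the value is stored.
def sanitize_input(value: str) -> str:
    return re.sub(r"<[^>]*>", "", value)

# Output-time escaping: the stored value is untouched and is encoded for the
# HTML context only when rendered. quote=True also encodes " and ' so the
# same call is safe inside a quoted attribute value.
def render_comment(value: str) -> str:
    return "<p>" + html.escape(value, quote=True) + "</p>"

def render_input_field(value: str) -> str:
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'

# Rendering that trusts the stored value because it was "sanitized" earlier.
def render_input_field_trusting(value: str) -> str:
    return '<input name="q" value="' + value + '">'

# Constructed sample inputs.
LEGIT = "if a < b and c > d then swap"   # ordinary text containing < and >
BREAKOUT = 'x" data-injected="1'         # benign marker, no tags at all

def demo() -> dict:
    return {
        # The filter treats "< b and c >" as a tag and deletes user data.
        "sanitized_legit": sanitize_input(LEGIT),
        # Escaping keeps every character; the browser displays the original.
        "escaped_legit": render_comment(LEGIT),
        # The filter passes the value unchanged, and the trusting template
        # lets the quote close the attribute and add a new one.
        "trusting_attr": render_input_field_trusting(sanitize_input(BREAKOUT)),
        # Escaping at output keeps the whole value inside the attribute.
        "escaped_attr": render_input_field(BREAKOUT),
    }

if __name__ == "__main__":
    for name, rendered in demo().items():
        print(f"{name}: {rendered}")
```
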