I've been saying the same for at least a decade, e.g. in https://palant.de/2016/...

		palant on Feb 27, 2020 \| parent \| context \| favorite \| on: Don’t try to sanitize input – escape output I've been saying the same for at least a decade, e.g. in https://palant.de/2016/03/02/why-you-should-go-with-secure-b.... It's ridiculous that somebody still has to explain it.