So sanitizing the input is not sufficient, because someone using the APIs can potentially push dangerous names directly that way. So the best approach is to make sure any values coming out are not left as raw HTML.
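The point above as an added example, not code from the original post or the project it discusses: a name stored through a sanitized form path and through an unsanitized API path, rendered raw and then with output encoding. The store, function names and sample value are hypothetical and constructed for illustration.

```javascript
// Hypothetical in-memory storage shared by both write paths.
const store = [];

// Input-side sanitizer that only the web form path calls.
function stripTags(s) {
  return s.replace(/<[^>]*>/g, "");
}

function saveFromForm(name) {
  store.push(stripTags(name));
}

// API path: writes straight to storage, with no sanitizer in front of it.
function saveFromApi(name) {
  store.push(name);
}

// Output encoding for HTML element content and quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Before: stored values are emitted as raw HTML.
function renderRaw(names) {
  return names.map((n) => `<li>${n}</li>`).join("");
}

// After: every value is encoded at the point of output,
// regardless of which path stored it.
function renderEscaped(names) {
  return names.map((n) => `<li>${escapeHtml(n)}</li>`).join("");
}

// Constructed sample: the same name submitted through both paths.
const SAMPLE = "Bob<script>alert(1)</script>";
saveFromForm(SAMPLE);
saveFromApi(SAMPLE);

console.log(renderRaw(store));     // API-stored markup survives intact
console.log(renderEscaped(store)); // markup is shown as inert text
```
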