Sanitization

The process of removing or neutralizing harmful code and invalid characters from user input. A fundamental defense against XSS and SQL injection.

Sanitization is the process of removing or neutralizing harmful code and invalid strings from user input data. It is one of the most fundamental security measures in web application development.

In XSS (Cross-Site Scripting) attacks, malicious JavaScript code is embedded in web pages through user input. Sanitization can neutralize dangerous elements like <script> tags. Web security fundamentals books provide systematic coverage of these techniques.

Sanitization methods include HTML escaping (converting special characters to entity references), whitelist approaches (allowing only permitted characters), and blacklist approaches (removing prohibited patterns).

From a character count perspective, sanitization can change string length. For example, when < is converted to &lt;, one character becomes four. Secure coding practices books offer additional guidance.
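The three approaches named above and the length change from escaping, worked through in Python as an added example (not code from the original page); the sample input is constructed and the username character set is an assumption for illustration.

```python
import html
import re

# Constructed sample input: contains a script tag plus the other HTML-significant
# characters (&, ", ') so every escaping rule is exercised.
CONSTRUCTED_INPUT = '<script>alert("x")</script> & Tom\'s page'


def html_escape(text: str) -> str:
    """HTML escaping: convert the characters with meaning in HTML into entity
    references. quote=True also covers " and ' so the result is safe inside
    attribute values, not only in element text."""
    return html.escape(text, quote=True)


def whitelist_username(text: str) -> str:
    """Whitelist approach: keep only the permitted characters and drop everything
    else. The allowed set (letters, digits, _ and -) is an assumed policy."""
    return re.sub(r"[^A-Za-z0-9_-]", "", text)


def blacklist_strip_script(text: str) -> str:
    """Blacklist approach: remove <script>...</script> blocks.
    Shown for comparison only: it handles exactly the pattern it names and
    nothing else, which is why escaping or a whitelist is the primary control."""
    return re.sub(r"(?is)<script\b[^>]*>.*?</script\s*>", "", text)


def length_delta(text: str) -> int:
    """How many characters HTML escaping adds to text.
    A single '<' becomes the four-character '&lt;', so the delta is 3."""
    return len(html_escape(text)) - len(text)


if __name__ == "__main__":
    print(html_escape(CONSTRUCTED_INPUT))
    print(whitelist_username("ad<min>_01"))
    print(blacklist_strip_script(CONSTRUCTED_INPUT))
    print(length_delta(CONSTRUCTED_INPUT))
```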