Dan Sommers wrote: <snip>
I know what sanitize means (in English and in the technical sense I believe you intend here), but can you provide some context and actual use cases? Sanitize on input so that your application code doesn't "accidentally" spit out the contents of /etc/shadow? Sanitize on output so that your code doesn't produce syntactically broken links in an HTML document or weird results in an xterm? Sanitize in both directions for safe round tripping to a database server?
I'm thinking of this specifically in terms of sanitizing input, assuming that later usage of the value might or might not properly protect against potential vulnerabilities. This is also limited to the case where the value is supposed to be a single path referring to an entry within a single directory context.