A sanitizer is a program that will:
The goal is to prevent script injection. The sanitizer should run on the server side (i.e. not on the client) to validate/transform all inputs.
Input:  <math><mi//xlink:href="data:x,<script>alert(4)</script>">
Output: <math><mi></mi></math>

Input:  <TABLE><tr><td>HELLO</tr></TABL>
Output: <table><tbody><tr><td>HELLO</td></tr></tbody></table>

Input:  <UL><li><A HREF=//google.com>click</UL>
Output: <ul><li><a href="//google.com">click</a></li></ul>
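The following server-side allowlist sanitizer is an added example, not the code of the tool this page describes. It parses the input, keeps only permitted tags and attributes, and re-serializes balanced markup. The `ALLOWED` policy and the names `safe_url`, `Sanitizer` and `sanitize` are assumptions. It uses Python's `html.parser` tokenizer, so unlike a DOM-based sanitizer it does not insert the implied `<tbody>` seen in the table output above.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist policy for this example: tag -> permitted attributes.
ALLOWED = {"a": {"href"}, "p": set(), "ul": set(), "li": set(), "table": set(),
           "tbody": set(), "tr": set(), "td": set(), "math": set(), "mi": set()}
DROP_WITH_CONTENT = {"script", "style"}         # their text is discarded too
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" = relative or //host URL
C0_OR_SPACE = "".join(map(chr, range(0x21)))    # browsers skip these before a URL

def safe_url(value):
    url = re.sub(r"[\t\r\n]", "", value).strip(C0_OR_SPACE)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", url)
    return url if (m.group(1).lower() if m else "") in SAFE_SCHEMES else None

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.stack, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return                       # unknown tags vanish, their text stays
        kept = ""
        for name, value in attrs:
            value = safe_url(value or "") if name == "href" else (value or "")
            if name in ALLOWED[tag] and value is not None:
                kept += f' {name}="{escape(value, quote=True)}"'
        self.parts.append(f"<{tag}{kept}>")
        self.stack.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.stack:
            while self.stack:            # also close elements left open inside
                inner = self.stack.pop()
                self.parts.append(f"</{inner}>")
                if inner == tag:
                    break
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(escape(data, quote=False))

def sanitize(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.parts + [f"</{t}>" for t in reversed(parser.stack)])
```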