
Section "Sanitization" should be under "Output Encoding", not "Input Validation" #90

@jorygeerts

Description

The section "Sanitization" talks about what needs to be done to safely display user submitted content, which doesn't actually have anything to do with "Input Validation", despite being a part of that chapter.

Having this section in the wrong place can mislead developers and give them a false sense of security ("I don't need to worry about XSS, because I've removed the HTML stuff").

I suggest moving the "Sanitization" section to the "Output Encoding" chapter, probably renaming it to something like "HTML".
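The false sense of security described above can be shown concretely: input-time tag stripping cannot know the output context, while output encoding is applied at the point where the context is known. The following is an added illustration, not code from the issue or from the document it discusses; the function names, the template and the payload are constructed for this example.

```javascript
// Naive input-time "sanitization": strip anything that looks like a tag.
// This is the kind of step that tempts a developer to think XSS is handled.
function stripTags(input) {
  return String(input).replace(/<[^>]*>/g, "");
}

// Output encoding for HTML text and double-quoted attribute contexts:
// every character that can change the meaning of the markup is encoded.
function encodeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Hypothetical template that places the same user value in a quoted
// attribute and in element text. Same template, two defence strategies.
function renderWithInputSanitization(userValue) {
  const cleaned = stripTags(userValue); // "sanitized" at input time
  return `<a title="${cleaned}">${cleaned}</a>`;
}

function renderWithOutputEncoding(userValue) {
  const encoded = encodeHtml(userValue); // encoded at output time
  return `<a title="${encoded}">${encoded}</a>`;
}

// Reads the title attribute the way an HTML parser would: everything up to
// the first unencoded double quote. Lets us see where the attribute ends.
function titleAttribute(html) {
  const m = /title="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// Constructed payload: contains no '<' or '>', so tag stripping leaves it
// untouched, yet it closes the attribute and adds an event handler.
const CONSTRUCTED_PAYLOAD = '" onmouseover="alert(1)';

// Stand-alone demonstration when run directly with node.
const sanitizedOnly = renderWithInputSanitization(CONSTRUCTED_PAYLOAD);
const encodedOnly = renderWithOutputEncoding(CONSTRUCTED_PAYLOAD);
console.log("input sanitization:", sanitizedOnly);
console.log("  title attribute ends as:", JSON.stringify(titleAttribute(sanitizedOnly)));
console.log("output encoding:   ", encodedOnly);
console.log("  title attribute ends as:", JSON.stringify(titleAttribute(encodedOnly)));
```

With input sanitization only, the title attribute is empty and the remainder of the payload becomes a live onmouseover attribute; with output encoding, the whole payload stays inside the attribute value as inert text, which is the property the "Output Encoding" chapter is about.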

Metadata

Assignees

No one assigned

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests