且构网

Sharing what programmers run into in development...
Vulnerability scanner for ASP.NET flags cross-site scripting

Updated: 2023-01-08 15:54:59

Basically, the current code sanitization is based on a blacklist, which is a bad practice.

In this specific case you don't need to sanitize but rather Encode the incoming input.

The ASP.Net Input validation is also based on a blacklist, which is also not secure.
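
The difference the answer describes, as an added example that is not part of the original answer: a hypothetical blacklist sanitizer (the asker's code is not shown on this page, so `BlacklistSanitize` is an assumption) beside HTML output encoding with `System.Net.WebUtility.HtmlEncode`, run over constructed inputs.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class EncodingDemo
{
    // Hypothetical blacklist sanitizer (assumption: stands in for the code the
    // scanner flagged). It removes only the patterns its author thought of.
    static string BlacklistSanitize(string input) =>
        Regex.Replace(input, @"</?script[^>]*>|javascript:", "", RegexOptions.IgnoreCase);

    // Output encoding for an HTML body or quoted-attribute context. Every
    // markup-significant character is encoded, so no list of "bad" strings is needed.
    static string EncodeForHtml(string input) => WebUtility.HtmlEncode(input);

    // True if the value can still open a tag or break out of a quoted attribute
    // when written into a page as-is.
    static bool CanIntroduceMarkup(string s) =>
        s.IndexOfAny(new[] { '<', '>', '"', '\'' }) >= 0;

    static void Main()
    {
        // Constructed sample inputs: one legitimate value and three markup-bearing ones.
        string[] samples =
        {
            "Tom & Jerry <tom@example.com>",
            "<script>alert(1)</script>",
            "<img src=x onerror=alert(1)>",
            "\" onmouseover=\"alert(1)",
        };

        foreach (string s in samples)
        {
            string stripped = BlacklistSanitize(s);
            string encoded = EncodeForHtml(s);

            Console.WriteLine($"input     : {s}");
            Console.WriteLine($"blacklist : {stripped}  (markup possible: {CanIntroduceMarkup(stripped)})");
            Console.WriteLine($"encoded   : {encoded}  (markup possible: {CanIntroduceMarkup(encoded)})");
            Console.WriteLine();
        }
    }
}
```

`HtmlEncode` covers the HTML body and quoted-attribute contexts only; values written into JavaScript, URLs or CSS need the encoder for that context.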