I specifically said escaping!! I know about sanitization, I use it when I need to, but here I do not need to render HTML at all, stop recommending an inherently less safe option to people who just want to not render any HTML!
(I'm not particularly looking for recommendations here, `stringify-entities` and `html-escaper` both seem perfectly fine for my uses, but I guess if you have a different favorite knock yourself out)
That said, these kinds of things are helpful for imposter syndrome things because they remind me that oh yeah, you have learned a thing or two in the last decade of building things, hurrah!
And also yes, everyone needs to learn sometime, but if you're actively recommending sanitization to someone who is asking about escaping, you are making the web a less secure place, please read up and stop doing that. It's not a failure to not know, the internet is terrible and complicated, but if you're a web person please do take the opportunity to learn and grow!
Here are a couple good posts that cover things pretty well: