Where are you seeing that? The advice I can see talks about escaping HTML rather than blacklisting input validation: https://www.hacksplaining.com/prevention/xss-stored
Unfortunately it doesn't discuss escaping Javascript nor CSS. But it least it covers the most common case.
Where are you seeing that? The advice I can see talks about escaping HTML rather than blacklisting input validation: https://www.hacksplaining.com/prevention/xss-stored
Unfortunately it doesn't discuss escaping Javascript nor CSS. But it least it covers the most common case.