Vulnerability Disclosure Contact

However, I find the usage of a custom value converter to be less disruptive (limited scope).

Actually @Sayan751, your approach of registering the custom Sanitizer class is exactly what that particular extension point was meant for. You could say it’s the way it was intended to be used.

Put it this way: we’re not including a proper sanitizer by default because it would drag in a dependency of non-negligible size for something that most people don’t use. The default class is little more than a stub in that sense.
But if you do include such a dependency, you might as well utilize it to the fullest by making it the default sanitizer. I cannot imagine many scenarios where you have the dependency included, but still want to use the framework default in a certain case.

2 Likes