Yet it can be deceivingly difficult to properly encode (user) input

When processing untrusted user input for (web) applications, filter the input, and encode the output.

You don't "sanitize your output" you encode it for proper context within the application it is being presented. You encode the output for HTML, HTML Attribute, URL, JavaScript

When you output the data, you know the use case of the data. This knowledge allows you to safely sanitize the output data accordingly.

I would call this output encoding instead of sanitization

1- Validation: you “validate”, ie deem valid or invalid, data at input time. For instance if asked for a zipcode user enters “zzz43”, that’s invalid. At this point, you can reject or… sanitize. 2- sanitization: you make data “sane” before storing it. For instance if you want a zipcode, you can remove any character that’s not [0-9] 3- escaping: at output time, you ensure data printed will never corrupt display and/or be used in an evil way (escaping HTML etc…)

Process Substitution

Previously, intensity-dependent metabolic changes have been found with positron emission tomography and blood oxygen level dependent magnetic resonance imaging after TMS to motor/prefrontal cortex; bilateral motor/prefrontal and auditory activation is induced, which becomes stronger with increasing pulse intensity [Bohning et al.,1999,2000; Fox et al.,1997; Nahas et al.,2001; Siebner et al.,1999; Speer et al.,2003]. However, these results are not directly comparable with our EEG findings. Arising a few seconds poststimulus, metabolic changes reflect relatively long-lasting activity of interconnected neuronal networks, whereas we were interested in the TMS-evoked events that occurred within a fraction of a second.