The importance of input validation

Anything that is passed as an argument to the methods that service the wiki application can potentially damage the application. This may sound a bit pessimistic, but remember that when designing an application you cannot rely on the goodwill of the public, especially when the application is accessible over the Internet and your public may consist of dimwitted search bots or worse.

We may limit the risks by granting the right to edit a page only to people we know by implementing some sort of authentication scheme, but we don't want even these people to mess up the appearance of a topic by inserting all sorts of HTML markup, references to images that do not exist or even malicious snippets of JavaScript. We therefore want to get rid of any unwanted HTML elements present in the content before we store it in the database, a process generally known as scrubbing.

Note

Preventing Cross-Site Scripting (XSS) (as the inclusion of unwanted code in web pages is called) is covered in depth on this webpage: http://www.pythonsecurity.org/wiki/cross-sitescripting/.
