Should we use input sanitation to escape special characters on passport js callback routes?
I'm specifically utilizing the magic-link and microsoft strategies, but this question would apply to any query param based callback route. I wasn't sure if legitimate verification params ever contain special characters; or if passport is already effectively handling all required sanitation. Thank you.