Definition
Sanitization is the process of transforming untrusted input so it cannot cause harm when used in a privileged context. Where validation decides whether input is acceptable, sanitization makes it safe. A common example is HTML sanitization: stripping script tags and event handlers from a user-submitted message before embedding it in a page, so an attacker cannot inject JavaScript that runs in other users' browsers.
Different contexts need different sanitizers. Data heading into SQL needs parameterized queries (the best form of sanitization - the database does it for you). Data heading into an HTML page needs HTML escaping. Data heading into a shell command needs shell escaping. Using the wrong sanitizer for the context is how XSS vulnerabilities get shipped.
How SheetLinkWP relates to Sanitization
SheetLink Forms uses WordPress's built-in sanitizers at every ingestion point: sanitize_text_field for single-line text, sanitize_textarea_field for multi-line messages, sanitize_email for email fields, esc_url_raw for URLs, and absint for integers. Before serializing the submission to JSON and sending to the Apps Script webhook, every value is sanitized to match its declared field type. On the Apps Script side, values are written to Sheet cells using the built-in setValue API, which treats the string as literal text and cannot execute formulas (unless the leading character is an equal sign, which the plugin strips by default).