You can now enable sanitization on text and input fields.
Sanitization escapes HTML special characters so that user-provided text is displayed literally instead of being interpreted as markup, which protects you against XSS attacks.
It is especially useful when you bind a text or input field to data provided by the user that will be written to your database, for example in a contact form.
The option is off by default because sometimes you do want these characters to be interpreted, for example to make part of the text bold with markup.
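The following is an added example, not the product's own sanitization code, showing what escaping does to user-supplied text before it is placed into a page, and why it is a deliberate choice rather than a default. `escapeHtml`, `renderUnsafe`, `renderSafe` and `escapeHtmlAllowBold` are hypothetical helper names, and `SAMPLE` is a constructed contact-form value.

```javascript
// Added example (hypothetical helpers, not the product's code): escaping
// user-supplied text so characters with meaning in HTML are shown literally.

// The five characters that can change meaning inside HTML text or attributes.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape every special character; the browser then displays them as text.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Without sanitization: the value is concatenated straight into the markup,
// so any tags inside it are interpreted by the browser.
function renderUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// With sanitization: the value is escaped first, so tags are shown as text.
function renderSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// The trade-off from the note above: full escaping also neutralises markup
// you may want, such as <b>. A narrow allowlist restores only the exact,
// attribute-free <b> and </b> tags after escaping everything else, so
// "<b onclick=...>" stays escaped because it does not match literally.
function escapeHtmlAllowBold(input) {
  return escapeHtml(input)
    .replace(/&lt;b&gt;/g, "<b>")
    .replace(/&lt;\/b&gt;/g, "</b>");
}

// Constructed sample input of the kind a contact form might receive.
const SAMPLE = 'Ada <b>Lovelace</b> & "friends"';

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderUnsafe(SAMPLE));        // <b> is interpreted as bold
  console.log(renderSafe(SAMPLE));          // <b> is shown literally
  console.log(escapeHtmlAllowBold(SAMPLE)); // bold kept, everything else escaped
}
```

Escaping is the right default for a field that will be stored and displayed back as plain text; only when the field is meant to carry a small, known set of formatting tags should anything be allowed through, and then only by an exact allowlist as above rather than by skipping sanitization entirely.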