Sanitizing user input is important to prevent potential security vulnerabilities such as cross-site scripting (XSS) attacks. In Shopware 6 there's a filter sw_sanitize for that. In the templates they mostly use it for translated snippets like detail.productNumberLabel. When digging in the templates one can see that for a lot of entity properties, sanitizing is skipped, for example with page.product.translated.name. What's the thinking about this? IMO these values should also be sanitized, but maybe I am missing something?
The product name is of type StringField, as you can see in the ProductTranslationDefinition. Those fields are sanitized automatically within the StringFieldSerializer, which calls the sanitize method of the AbstractFieldSerializer.
The "productNumberLabel", on the other hand, is a snippet which could be overwritten by the merchant. So it needs to be made sure that it is sanitized correctly when it is displayed.
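To make the distinction in the answer concrete, here is an added, stand-alone illustration in Python; it is not Shopware's code and does not reproduce what sw_sanitize or StringFieldSerializer actually do internally. The allow-list, the `ProductRepository` and `render_detail` names, and the sample product/snippet values are all constructed for this example. It models the two data paths: an entity string field is sanitized once when it is written (so the template can output it as-is), while a merchant-editable snippet is stored verbatim and must be sanitized at render time.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allow-list for the demo (not Shopware's real configuration).
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_PREFIXES = ("http://", "https://", "/")


class AllowlistSanitizer(HTMLParser):
    """Keeps only allow-listed tags/attributes; everything else is dropped
    or re-escaped as plain text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag is dropped, its inner text still arrives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # unknown attributes (onerror, style, ...) are removed
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # reject non-http(s) link targets such as javascript:
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # e.g. <br/> becomes <br>

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always re-escaped

    def result(self):
        return "".join(self.out)


def sanitize(value):
    """Stand-in for an HTML sanitizer filter (assumption: not sw_sanitize itself)."""
    parser = AllowlistSanitizer()
    parser.feed(value)
    parser.close()
    return parser.result()


class ProductRepository:
    """Write path: the string field is sanitized once on persist, so the stored
    value is already safe (the role the answer attributes to StringFieldSerializer)."""

    def __init__(self):
        self._rows = {}

    def write(self, product_id, name):
        self._rows[product_id] = {"name": sanitize(name)}

    def get(self, product_id):
        return self._rows[product_id]


# Merchant-editable snippets are stored verbatim (constructed sample value).
SNIPPETS = {
    "detail.productNumberLabel": 'Product number <img src=x onerror="alert(1)">',
}


def render_detail(product, snippets):
    """Render path: the snippet is sanitized at output time (the template's
    sw_sanitize step); the entity field is output as stored."""
    label = sanitize(snippets["detail.productNumberLabel"])
    return f"<span>{label}</span> <h1>{product['name']}</h1>"


if __name__ == "__main__":
    repo = ProductRepository()
    repo.write("p1", "<b>Shirt</b><script>alert(1)</script>")
    print(render_detail(repo.get("p1"), SNIPPETS))
```

Running it shows that both values reach the page without active markup: the product name loses its `<script>` element at write time, and the snippet loses its `<img onerror>` at render time, which is why the template only needs the explicit filter on the snippet.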