rocknbil - 5:12 pm on Nov 15, 2011 (gmt 0)
where it's just a name in square brackets, that could cause issues coupled with your sanitisation.
No - the substitution in the template takes place long after input has been cleansed. For example, this forum, and others, using the [phpBB syntax], that all gets parsed out and put into a chunk, say, $content, and $content replaces [CONTENT]. just in the template output function.