* header -> HTML/XML sanitization