When producing HTML output from user-generated input, it's extremely important to properly escape strings to prevent XSS attacks.

HTML escape URL escape URL parameter escape
Perl core CGI::escapeHTML() CGI::Util::escape() CGI::Util::simple_escape()
Perl + LWP URI::Escape
Perl + Plack Plack::Util::encode_html() URI::Escape
Perl + Dancer Dancer::Error::_html_encode()
PHP htmlentities() urlencode() ?
Javascript 3rd-party function needed encodeURI() encodeURIComponent()

other escaping