Use URLEncode and URLDecode intrinsics to sanitize user input.
URLEncode
The UrlEncode method converts characters in a string to escape characters that represent each character's UTF-8 encoding. All characters are converted except for the following, which are left unchanged: A-Z a-z 0-9 ; , / ? : @ & = + $ - _ . ! ~ * ' ( ) #.
See Unicode Intrinsic Functions - UrlEncode Method.
URLDecode
The UrlDecode method converts UTF-8 escaped characters back to their native equivalent.
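The following JavaScript model of the UrlEncode and UrlDecode rules described above is an added example, not the product's own code. The function names and sample inputs are illustrative, and the `%XX` escape form (uppercase hex, one escape per UTF-8 byte) is an assumption, since the page says only "escape characters". The unconverted set is the one listed above, which is also the set JavaScript's `encodeURI` leaves unescaped.

```javascript
// Added example: a JavaScript model of the rule described on this page.
// urlEncode/urlDecode are illustrative names, not the product's intrinsics.
// Assumption: escapes use the %XX form (uppercase hex), one per UTF-8 byte.

// The characters the page lists as left unconverted.
const UNCONVERTED = /[A-Za-z0-9;,\/?:@&=+$\-_.!~*'()#]/;

function urlEncode(input) {
  const utf8 = new TextEncoder();
  let out = "";
  for (const ch of input) {              // iterate by code point, not UTF-16 unit
    if (UNCONVERTED.test(ch)) { out += ch; continue; }
    for (const byte of utf8.encode(ch)) {
      out += "%" + byte.toString(16).toUpperCase().padStart(2, "0");
    }
  }
  return out;
}

function urlDecode(input) {
  // Reject a '%' that is not followed by two hex digits instead of guessing.
  if (/%(?![0-9A-Fa-f]{2})/.test(input)) throw new Error("malformed escape");
  // fatal: throw on byte runs that are not valid UTF-8; ignoreBOM: keep U+FEFF.
  const utf8 = new TextDecoder("utf-8", { fatal: true, ignoreBOM: true });
  return input.replace(/(?:%[0-9A-Fa-f]{2})+/g, (run) =>
    utf8.decode(Uint8Array.from(run.match(/[0-9A-Fa-f]{2}/g), (h) => parseInt(h, 16))));
}

// Constructed sample inputs (not from the page).
const SAMPLES = ['100% €', '<b>"q"</b>', "a&role=admin#x", "docs/page?x=1"];

// Returns one row per sample: the encoded form, whether decoding restores the
// input, and whether encoding changed anything at all.
function report(samples = SAMPLES) {
  return samples.map((s) => {
    const encoded = urlEncode(s);
    return { input: s, encoded, roundTrip: urlDecode(encoded) === s, changed: encoded !== s };
  });
}

console.table(report());
```

The last two samples come back unchanged because `& = ? / #` are in the unconverted set, so a user-supplied value passed through this encoding can still introduce parameters, path segments or a fragment when it is concatenated into a URL. Values placed inside a single URL component need validation or a stricter per-component encoding in addition.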