Hi Nikita,

I would like to propose a deprecation of FILTER_SANITIZE_STRING. This is a
very dubious filter that has almost no use. It removes NUL bytes, encodes
single and double quotes in HTML, and removes anything between < and
optional >. It does not function the same as strip_tags(), as pointed out in
this comment:
https://www.php.net/manual/en/filter.filters.sanitize.php#118186
It is also one of only two filters that use the FILTER_FLAG_NO_ENCODE_QUOTES
flag.
I believe this function is very misleading, especially to new users who are
looking for a default string filter. The real default one is
called FILTER_UNSAFE_RAW, which sounds like something one should not use,
while in reality it is FILTER_SANITIZE_STRING that can damage your data
and should not be used.
This also includes the deprecation of FILTER_SANITIZE_STRIPPED which is
just its alias.

Regards,
Kamil
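The behaviour the mail describes (NUL removal, quote encoding, and dropping everything from a `<` to an optional `>`) is easiest to see side by side with strip_tags() and with the approach that does not alter the stored value: keep the raw input (FILTER_UNSAFE_RAW is a no-op) and escape it with htmlspecialchars() only at output time. The script below is an added example written for this page, not code from the email or from the PHP project; the sample inputs are constructed, and compareTreatments() is a helper name chosen here. FILTER_SANITIZE_STRING emits a deprecation notice on PHP 8.1 and later, which the `@` suppresses so the comparison still runs.

```php
<?php
// Added example, not part of the original email: compare what FILTER_SANITIZE_STRING
// does to a value with strip_tags() and with the "store raw, escape on output" pattern.
declare(strict_types=1);

/**
 * Run one input through the three treatments and return the results keyed by name.
 * The '@' silences the E_DEPRECATED notice FILTER_SANITIZE_STRING raises on PHP >= 8.1.
 */
function compareTreatments(string $input): array
{
    return [
        'FILTER_SANITIZE_STRING' => @filter_var($input, FILTER_SANITIZE_STRING),
        'strip_tags'             => strip_tags($input),
        // FILTER_UNSAFE_RAW leaves the value untouched; escaping happens only where
        // the value is rendered as HTML, so the stored data is never damaged.
        'UNSAFE_RAW+escape'      => htmlspecialchars(
            filter_var($input, FILTER_UNSAFE_RAW),
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        ),
    ];
}

// Constructed inputs: a comparison sign with no closing '>', mixed quotes,
// an embedded NUL byte, and a real HTML tag.
$samples = [
    "2 < 3",
    "O'Neil said \"hi\"",
    "abc\0def",
    "<b>bold</b> text",
];

foreach ($samples as $sample) {
    // addcslashes() makes control characters such as NUL visible in the output.
    printf("input: %s\n", addcslashes($sample, "\0..\37"));
    foreach (compareTreatments($sample) as $name => $result) {
        printf("  %-24s %s\n", $name . ':', addcslashes($result, "\0..\37"));
    }
    echo "\n";
}
```

Run it with `php compare.php` (any file name) and compare the first sample across the three rows: the filter treats the lone `<` as the start of a tag and discards the rest of the value, whereas strip_tags() keeps it and the escape-on-output row preserves the original text while still being safe to embed in HTML.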