Please have a (extra careful) look at his updated version that uses a whitelist based approach which is indeed much preferable.
Please have a (extra careful) look at his updated version that uses a whitelist based approach which is indeed much preferable.