reecardo is correct - but the challenge with sanitizing is that if you disregard the context, you'll strip values from what is actually a valid string. Let's say that my incident description is this:
"I need a technician to come work on my computer anytime <16:00 tomorrow."
So building a sanitizing model will take more effort than just saying "that character is bad in some contexts, so if it contains that character, strip it out".
Otherwise someone shows up to repair my computer at 16:00, when I'm walking out the door. The problem is that <16:00 is valid (and will not throw an error).
The error is thrown when the server believes "code" such as JavaScript or HTML is being passed in. So in order to sanitize your forms, you'll need to account for any script that will throw the error.
<(any a-z character)
<!
</
<?
&#
http://stackoverflow.com/questions/11370415/how-to-check-if-string-will-fire-a-potentially-dangerous-request-form-value-was
You'll also need to sanitize the string BEFORE the page posts - so with JavaScript or an embedded model of some kind.
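
The context-aware check described in this reply, as an added example that is not part of the original post. The function names are hypothetical, matching letters in either case is an assumption (the post only says "a-z"), and the server is assumed to decode `&lt;` and `&amp;` back when it reads the field.

```javascript
// Sequences listed in the post: "<" followed by a letter, "!", "/" or "?",
// and "&#". Case-insensitive letter matching is an assumption of this example.
// The lookaheads make the match cover only the leading "<" or "&".
const TRIGGER = /<(?=[a-z!\/?])|&(?=#)/gi;

// Report each triggering sequence with its position, so a form can tell the
// user exactly what was flagged instead of silently stripping characters.
function findTriggers(value) {
  const text = String(value);
  const hits = [];
  for (const m of text.matchAll(TRIGGER)) {
    hits.push({ index: m.index, sequence: text.slice(m.index, m.index + 2) });
  }
  return hits;
}

// Encode only the character that starts a triggering sequence.
// A "<" followed by a digit or a space (as in "<16:00") is left untouched.
function neutralize(value) {
  return String(value).replace(TRIGGER, (ch) => (ch === "<" ? "&lt;" : "&amp;"));
}

// Browser wiring: rewrite text fields just before the page posts.
// `form` is whatever form element the page uses (hypothetical handle).
function attachToForm(form) {
  form.addEventListener("submit", () => {
    for (const el of form.querySelectorAll("input[type=text], textarea")) {
      el.value = neutralize(el.value);
    }
  });
}

// Constructed sample inputs.
const valid = "I need a technician to come work on my computer anytime <16:00 tomorrow.";
const flagged = "Screen shows <b>error</b> &#60; then reboots";
console.log(findTriggers(valid));   // nothing flagged
console.log(findTriggers(flagged)); // three flagged sequences
console.log(neutralize(flagged));
```
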