The Shell Was Not The Sink
A sanitization function is named, implemented, and documented for one interpreter (the POSIX shell, an HTML renderer, a SQL dialect) and applied uniformly to inputs that flow into a different interpreter with different parsing rules. The quote-wrap survives the named sink intact, then is fed via pipe, stdin, embedded call, or template into the actual sink, which sees a literal character the wrap was not designed to neutralise. The function's name encodes the threat model the developer was thinking about; the destination encodes the one they were not.
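An added example of this pattern, not part of the original page: a SQL statement is wrapped with `shlex.quote` for a `printf ... | sqlite3` style pipeline, then parameter binding is shown as the fix at the real sink. It assumes `shlex.split` as a stand-in for the shell's word parsing and an in-memory SQLite database as the actual sink; the table, sample rows and function names are constructed for illustration.

```python
import shlex
import sqlite3


def shell_sink(command_line):
    """Stand-in for the POSIX shell: word-split and strip quoting as sh would."""
    return shlex.split(command_line)


def make_db():
    """Constructed sample data; one name legitimately contains a quote."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("O'Brien", "user")])
    return db


def lookup_shell_quoted(db, name):
    """Flawed: the wrap targets the shell, but SQLite parses the payload."""
    sql = f"SELECT role FROM users WHERE name = '{name}'"
    argv = shell_sink("printf %s " + shlex.quote(sql))
    # Named sink: the shell sees exactly one intact argument, so the wrap "worked".
    wrap_held = argv == ["printf", "%s", sql]
    try:
        # Actual sink: the unwrapped text reaches the SQL parser, where the
        # quote character inside `name` is syntax, not data.
        rows = db.execute(argv[2]).fetchall()
    except sqlite3.OperationalError as exc:
        return wrap_held, f"sql error: {exc}"
    return wrap_held, rows


def lookup_bound(db, name):
    """Hardened: neutralise at the real sink by binding the value as a parameter."""
    return db.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for candidate in ("alice", "O'Brien"):
        print(candidate, lookup_shell_quoted(db, candidate), lookup_bound(db, candidate))
```

The shell-level check passes for both inputs, which is why tests written against the named sink do not catch the problem; only the SQL layer shows that the quote character was never neutralised for it.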