We tried this same solution six months ago. It works, ish, but it can still be circumvented. It’s not foolproof enough to trust with any situation where you need real security / confidentiality.

If you haven’t played Gandalf try it out. It will teach you how to craft attacks against these kinds of strategies.

Do not mix code and input data.

Once they explained the problem I instantly thought this would be a great job for a LLM haha

The technology worked great, but let me tell you, no amount of regular expressions stands a chance against a 15 year old trying to text the word “penis” onto the Jumbotron.