...
Logging unsanitized user input can also result in leaking sensitive data across a trust boundary, or storing sensitive data in a manner that is contrary to local law or regulation. See rule IDS01-J. Sanitize untrusted data passed across a trust boundary for more details on input sanitization.
...
This compliant solution sanitizes the user name input before logging it. Refer to rule IDS01-J. Sanitize untrusted data passed across a trust boundary for more details on input sanitization.
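One way to sanitize a user name before it reaches the log, shown as an added example that is not the code from the original page. The class name, the `failureMessage` and `neutralize` helpers, the 1-32 character allow-list and the sample input are assumptions made for illustration.

```java
import java.util.logging.Logger;
import java.util.regex.Pattern;

public class LoginLogExample {
    private static final Logger LOG = Logger.getLogger(LoginLogExample.class.getName());

    // Assumed policy for this example: 1-32 letters, digits or underscores.
    private static final Pattern VALID_USER = Pattern.compile("[A-Za-z0-9_]{1,32}");

    // Replace control characters (CR and LF included) and the Unicode
    // line and paragraph separators with a visible escape, so that one
    // event always occupies exactly one log line.
    static String neutralize(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    // Build the log message: valid names are logged as-is, anything else
    // is flagged as invalid and logged only in neutralized form.
    static String failureMessage(String username) {
        if (username == null) {
            return "User login failed for invalid user name: <null>";
        }
        if (VALID_USER.matcher(username).matches()) {
            return "User login failed for: " + username;
        }
        return "User login failed for invalid user name: " + neutralize(username);
    }

    public static void main(String[] args) {
        // Constructed test input: a user name that contains a line break.
        String withBreak = "guest\r\nsecond line supplied by the user";

        // Unsanitized: the record spills onto a second line in the log.
        LOG.severe("User login failed for: " + withBreak);

        // Sanitized: a single line, with the break shown in escaped form.
        LOG.severe(failureMessage(withBreak));
        LOG.severe(failureMessage("david"));
    }
}
```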
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...