
What would be the difference in how you would handle this in a single-page JS app like Trello versus a traditional Java/Python/Ruby-based multi-page backend that mostly serves HTML pages?

It seems like at the end of the day you still need to validate and sanitize user input before doing anything with it.



I was inquiring more about the backend JS use in Node and Mongo.

You might, for instance, find that simply sanitizing user input isn't enough when you're using the same interpreted language at multiple stages. If an attacker could cause the right front-end code to be executed on the app server, or backend code to be executed in the database, you could potentially compromise a lot.
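
Added example, not part of the thread or either commenter's code: a Node-side check showing why string-only sanitizing misses JSON values that arrive as objects, and how a type check stops them before they reach a MongoDB filter. All function names and the request body are constructed for illustration; `$where` is the MongoDB operator that evaluates JavaScript in the database.

```javascript
// Added example; every name below is hypothetical.

// A typical string-only sanitizer: non-string values pass through untouched.
function naiveSanitize(v) {
  return typeof v === "string" ? v.replace(/[<>"'&]/g, "") : v;
}

// Recursively list the path of every key that begins with "$"
// (MongoDB treats such keys as query operators).
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  const hits = [];
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith("$")) hits.push(here);
    hits.push(...findOperatorKeys(value[key], here));
  }
  return hits;
}

function describe(v) {
  return Array.isArray(v) ? "array" : v === null ? "null" : typeof v;
}

// Build a filter only from allow-listed fields whose values are plain strings.
function buildUserFilter(body, allowedFields) {
  const filter = {};
  for (const field of allowedFields) {
    const v = body[field];
    if (typeof v !== "string") {
      throw new TypeError(`field "${field}" must be a string, got ${describe(v)}`);
    }
    filter[field] = v;
  }
  return filter;
}

// Constructed request body: "token" is an object, not a string.
const constructedBody = JSON.parse(
  '{"username":"alice","token":{"$where":"PLACEHOLDER"}}'
);

// The string sanitizer leaves the operator key in place...
console.log(findOperatorKeys(naiveSanitize(constructedBody.token)));
// ...while the typed filter builder refuses the value outright.
try {
  buildUserFilter(constructedBody, ["username", "token"]);
} catch (e) {
  console.log(e.message);
}
```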



