Client data, and truly any foreign data, should never be trusted. Many XSS vulnerabilities exist because of a complete lack of data filtering. Don't let this be you.