Sanitizing User Enter Data or Internal Arguments

I’m using tokens to refer to certain things, so:
{{selection}} gets the value of text selected by the user, {{clipboard}} is the content of the clipboard,{{zzpopup + some arguments }} uses prompt to get user input, and {{makeList + some arguments }} generates a list.

I figured that these strings were unique enough that it would not cause a problem, but as I have been working, I have frequently had portions of the code, containing these tags, in my clipboard, or selected, and so what should just be a text string is executed as a lookup or a command.

Given my experience, I have come to realize that this occurrence would be far more common that I had previously thought.

So, either I need to change the delimiters in my tags {{, }}, and ##, into something else before executing them, or do this with the value of the selection, clipboard.

I am inclined to do this to the variables holding the selected string and the contents of the clipboard through a simple replace function where I would replace the delimiters above with a non-printing code, and then replace it back as a last step.

My question is:

  • What 3 non printing characters should I use, as they would have to be supported across all of the operating systems and languages. (it could also be an arbitrary string of some kind, like xyzzyxyzzyxyzzyzork.)
  • Is there another technique that you would recommend?