The sanitizer does not differentiate between malformed JSON sent by attackers and malformed JSON originating from developer error. So it’s helpful in both cases, but let me explain.
The time-saving point is that, as you’re developing your application, depending upon the tools you use to transform JSON, it may be more or less easy to make mistakes. Finding mistakes in your JSON is time-consuming, detail-oriented work. JSON is a little easier to read than XML, but that’s little comfort with large or complex documents. The sanitizer saves time since it corrects errant JSON, making it well-formed. I found this behavior useful for alerting me to problems during development and perhaps even post-deployment. Consider the following code fragment,