What's the meaning of javascript: substring ?

substring is a string that is part of another string. The term isn't specific to JavaScript. The term is used in reference to many different programming languages including Java, c, c++, Python... "bobby" contains "bob". "bob" is therefore a substring of "bobby". "by" is another substring of "bobby". "how to use it for bypass input sanitization?" doesn't make a complete sense to me but I'll make a few related comments: "sanitization" usually refers to cleaning up an input value. For example, if the value was a name, you probably won't want leading and trailing spaces so you might trim those off before the next step of processing inputs. In JavaScript, this could by calling name.trim() assuming variable name stored someone's name. This would return a substring without the leading and trailing whitespaces. For example, " Bobby ".trim() === "Bobby". Relating back to your previous questions, "Bobby" is a substring of " Bobby ".