User Input Filtering (XSS, Injection etc)

I’ve searched the forum regarding XSS and user input filtering, and although I “understood” there is no need to filter user input (except for SQL injection), I’m quite unsure it’s 100% safe. Can someone explain in detail why and what needs to be taken care of in terms of user input?

I’m basing my statement above on http://documentation.xojo.com/index.php/Web_security.