normalize str take a possibly invalid utf-8 string and return a valid utf-8 string where invalid bytes have been replaced by the replacement character U+FFFD. The returned boolean is true if invalid bytes were found
Same as normalize plus some extra work : It encode '<' , '>' , '"' , '&' characters with corresponding entities and replaced invalid html character by U+FFFD