Data Sanitation

Quick opinion question for you:

When you're instantiating an object based on unsafe input from a form in a loosely-typed language, do you leave the sanitation up to the form handler, or to the object?

Ex:

p = new Pokemon();
p.name = sanitize(form.name);
vs.
p = new Pokemon();
p.setName(form.name); // sanitizing code in the method

>>1
IMHO first example breaks encapsulation, because external functions need to know, what data may be valid or not for Pokemon class. Should this information be part of delivered interface?