Out of the box, it comes with a standard setup (oXssSanitizerStandard) which should cover most cases for the majority of users. It is however highly configurable, featuring several sanitize modes as well as being able to specify what to allow or block.
Within Web Applications, it is often possible for a user to enter freeform text via webforms. This text gets sent to the server, where it is processed further like being saved. Often, this user input is then shown in other parts of the application, like a name, description, biography, reply, etc.