For this specific issue to be relevant, your sanitizer would have to assume that a particular string is not a valid javascript identifier when in fact it is, and that changes the semantic meaning from something that is safe to embed directly into something that is not.
Unless you're trying to parse Javascript and see whether it's safe to embed, it's not really relevant. XSS attacks are dealt with by escaping the special characters that can change the context in which something is interpreted (e.g. " changing the context from "contents of a string" to "javascript code", or < changing the context from "text on a page" to "an html tag").
Unless you're trying to parse Javascript and see whether it's safe to embed, it's not really relevant. XSS attacks are dealt with by escaping the special characters that can change the context in which something is interpreted (e.g. " changing the context from "contents of a string" to "javascript code", or < changing the context from "text on a page" to "an html tag").