You can trap errors with eval,

    eval { $_[0] ||= 'anonymous' };
    return if $@;
[download]

where the eval braces are used to precompile the expression.

Since these errors are really from misusing the sanitize() API, perhaps it would be better to perl prototype it, to convert the error to compile-time. A prototype of (\$\$\$) would work for the way you have the function written.

There is no need, however, for you to act on variables outside the function. If you just start the sub with     my ($user, $url, $body) = @_; and write the remainder on those variables, then you are guaranteed that all three are writable and no testing is required.