I think it should be an option when declaring the field. For now you can add a filter like this:
add_filter('acf/update_value', function ($value, $id, $field) {
// Decide whether you want to sanitize based on $id or $field
// In my case, I just wanted to sanitize the user fields
if (strpos($id, 'user_') !== 0)
{
return $value;
}
return sanitize_text_field($value);
}, 10, 3);
Hope this helps until it has been properly fixed.
