Sanitize before db storage?

Oct 22, 2011 at 11:39 PM

Hi, according to this Web Protection Library (antixss) presentation: http://view.officeapps.live.com/op/view.aspx?src=http://media.ch9.ms/teched/na/2011/ppt/DEV333.pptx we are supposed to sanitize our data before it is saved in the database. However, using the Sanitizer.GetSafeHtmlFragment will change the & character to &amp; which then renders incorrectly when outputting the text on a website using Encoder.HtmlEncode.

Should we use the sanitizer before storage to the db?
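The double-encoding effect the question describes, shown as an added example (this is not the poster's code nor part of the Web Protection Library itself). It assumes the AntiXSS NuGet package is referenced so that `Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment` and `Microsoft.Security.Application.Encoder.HtmlEncode` are available; the sample input string is constructed for the demonstration. Three output pipelines are compared: sanitize-at-storage plus encode-at-output (the combination that produces the stray `&amp;`), store-raw plus encode-once-at-output, and sanitize-at-storage emitted as already-safe HTML without a second encoding pass.

```csharp
using System;
using Microsoft.Security.Application; // AntiXSS / Web Protection Library (assumed referenced)

static class StorageEncodingDemo
{
    // Constructed sample input: ordinary text with an ampersand plus an injected script tag.
    public const string UserInput = "Tom & Jerry <script>alert(1)</script>";

    // Pattern A (what the question describes): sanitize before storage, then HTML-encode
    // again at output. The '&' becomes "&amp;" in the stored copy, and output encoding turns
    // it into "&amp;amp;", which the browser renders literally as "&amp;".
    public static string SanitizeThenEncode(string input)
    {
        string stored = Sanitizer.GetSafeHtmlFragment(input); // value written to the database
        return Encoder.HtmlEncode(stored);                     // encoded a second time at render
    }

    // Pattern B: store the raw input unchanged and encode exactly once, at the point of output.
    // The ampersand renders as '&' and the script tag is displayed as inert text.
    public static string StoreRawEncodeOnce(string input)
    {
        string stored = input;             // stored verbatim
        return Encoder.HtmlEncode(stored); // the only encoding step, applied at output
    }

    // Pattern C: sanitize before storage and emit the stored value as trusted markup, with no
    // second encoding pass. This is only sound if every write path to that column is sanitized;
    // a single unsanitized write path would reach the page unencoded.
    public static string SanitizeStoreEmitAsHtml(string input)
    {
        string stored = Sanitizer.GetSafeHtmlFragment(input); // sanitized HTML fragment
        return stored;                                        // emitted as-is, no re-encoding
    }

    static void Main()
    {
        Console.WriteLine("A (sanitize, then encode):   " + SanitizeThenEncode(UserInput));
        Console.WriteLine("B (raw, encode once):        " + StoreRawEncodeOnce(UserInput));
        Console.WriteLine("C (sanitize, emit as HTML):  " + SanitizeStoreEmitAsHtml(UserInput));
    }
}
```

Running pattern A against the constructed input reproduces the symptom in the question: the ampersand is encoded at storage and encoded again at output. Patterns B and C each apply exactly one transformation per trust boundary, which is what keeps the ampersand rendering correctly; the choice between them is whether the stored value is treated as plain text (B) or as already-sanitized HTML (C) everywhere it is read.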