Sanitize before db storage?

Oct 22, 2011 at 11:39 PM

Hi, according to this Web Protection Library (antixss) presentation: we are suppose to sanitize our data before it is saved in the database. However, using the Sanitizer.GetSafeHtmlFragment will change the & character to & which then renders uncorrectly when outputting the text on a website using Encoder.HtmlEncode.

Should we use the sanitizer before storage to the db?