Is there any point to pass information read frm a db through AntiXSS filters if the only way they could be saved to the db in the first place was going through an AntiXSS filter? I have dynamic pages that pull information from a db and that information was submitted by other users and before being saved to the db all the input was passed through and confirmed by AntiXSS filters. I don' really see a point to putting the information through the filters again once the dynamic page is populated fromo the db?
↧