[eluser]sorenchr[/eluser]
XSS cleaning, escaping characters etc. do you do it in the controller and then pass it to the model, or is your controller passive and lets the models handle the job?
I'm thinking in terms of code usability here, which method do you prefer?