I'm currently developing a web application with Nest.JS as the backend framework. I would like to sanitize values to avoid potential XSS attacks (package sanitize-html).
Should I put sanitization in a global middleware to clean strings as soon as I can (headers, body and query), or in association with my ORM (TypeORM) because it is the deepest level? But this could lead to some data incoherency between what I want to save and what there is in the database.
Thank you.