Does Yiii framework provide any request parameter security?

Does Yii perform any "security" operations on $_GET and/or $_POST parameters, and if so, where? Im referring to something like checking for XSS in query params, or stripping out HTML, or anything of that nature. I had thought this might occur in framework/web/Request.php but it seems the $app->request->get() simply returns $_GET as is.

Is this sort of security handled by form helper classes, models, or some other component?

No it doesn’t. Input filtering is on you as well as escaping output.