Does Yii perform any "security" operations on $_GET and/or $_POST parameters, and if so, where? Im referring to something like checking for XSS in query params, or stripping out HTML, or anything of that nature. I had thought this might occur in framework/web/Request.php but it seems the $app->request->get() simply returns $_GET as is.
Is this sort of security handled by form helper classes, models, or some other component?