I'm implementing HTML sanitization for form fields, on the beforeSave() method of a model. But it doesn't work.
Example:
public function beforeSave()
{
$this->anAttribute = 'somevalue';
var_dump( $this->anAttribute );
}
somevalue
is actually outputted, but it never gets to the DB, so in between beforeSave() and save() the value is lost and what's saved is the original form field value.