I just used session as an example, because I figured it to be the best place for the middleware.
When I used mongostore as my session store, everything I put into the ring session was put into the database.
Is it not suppose to work like that?
I used session as an example because of the interaction with the database.
If it is suppose to work like that, in the session you can enter different types of information. If you have a cookie store, you will probably only enter a ID, not personal information. However, if I use a database session store I can store any information about that user, because it's not available to the client.
Some information may be copied from the user's (table/document) into the session (table/document), and used from there to reference the user from then on.
Knowing that information is coming from the database, I'm now at a point where I'm about to insert that data into some page to display to the user. Right before I put it on the page I want to escape it.
In any case, I only used session as an example.
I'm just trying to see if there's some automated way to perform escaping because I don't think manual escaping is the best way. Without control over template libraries, I just though maybe some way in middleware.
What do you think the best approach is?
Thanks