Fuel takes security very serious, and as a result, has implemented the following measures to ensure the safety of your web applications :
* Output encoding
* CSRF protection
* XSS filtering
* Input filtering
* SQL injection
By default, Fuel doesn't filter POST and GET variables on input, and encodes everything on output. Fuel also encodes the URI to prevent nasty surprises when using URI segments, and escapes everything going into the database.
