CakePHP's page on Data Santiziation states one should store possibly raw HTML from user input in one's database and sanitize at time of output:
For sanitization against XSS its generally better to save raw HTML in database without modification and sanitize at the time of output/display.
Why would it be preferable to store (potentially dangerous) HTML in one's database and only sanitize it for output? Wouldn't sanitizing first result in smaller storage while yielding the same function?
The only reason I can see where you would store raw HTML like this is if some pages were to sanitize the output, and some pages either did not santitize the output or were more or less strict about it than other pages.