Does anyone know where to get knowledge article that states, such that 

1. Out-of-the-box Outystems handles sanitization on input controls (e.g. textbox, dropdownlist, calendars, checkbox, radio button, etc). Outsystems clean up when inputs are injected with malicious scripts. No action required from developer.

2. Developers should do their own due diligence for handling CKeditor or InLine SQL statements, and should use Sanitization component for application security. Outsystems cannot sanitize malicious script for CKEditor or similar components.

This sanitization https://safe.menlosecurity.com/https://success.outsystems.com/documentation/11/reference/outsystems_apis/sanitization_api/ does not tell when to use. It just explains what it does. 

Appreciate if anyone can share such KA.