As taken from the previous example of form injection, HTML is stored without problems within the database server, yet in display of the submission section, the characters necessary for HTML display-- < and >-- are transformed into their charactorial counter-parts. Thus, the actual transformation to protect the site from additional HTML is done entirely server-side every time a page is generated. With numerous repetitions of these characters, it's possible to put undue stress on the server.