When it comes to security, the answer is always both/all/everything so long as you have the time.
They are both beneficial in their own right.
I'd argue CSP is more beneficial long term, but I'm highly biased.
EDIT based on completely valid comment
CSP is not supported by all user agents, whereas anti-sammy is user-agent agnostic.