Simon Willison’s Weblog

XSS. Sanitising HTML is an extremely hard problem. The sanitize helper that ships with Rails is completely broken; Jacques Distler provides a better alternative.

Posted 12th March 2007 at 12:34 am

Recent articles

Cooking with Claude - 23rd December 2025
Your job is to deliver code you have proven to work - 18th December 2025
Gemini 3 Flash - 17th December 2025

jacques-distler 1 rails 74 security 570 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe