Simon Willison’s Weblog

XSS. Sanitising HTML is an extremely hard problem. The sanitize helper that ships with Rails is completely broken; Jacques Distler provides a better alternative.

Posted 12th March 2007 at 12:34 am

Recent articles

Claude Sonnet 4.5 is probably the "best coding model in the world" (at least for now) - 29th September 2025
I think "agent" may finally have a widely enough agreed upon definition to be useful jargon now - 18th September 2025
My review of Claude's new Code Interpreter, released under a very confusing name - 9th September 2025

jacques-distler 1 rails 72 security 549 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe