Simon Willison’s Weblog

18th December 2021

TIL Safely outputting JSON — Carelessly including the output of `json.dumps()` in an HTML page can lead to an XSS hole, thanks to the following:
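Added example, not code from the original post (whose explanation is cut off above): assuming the hole meant is the common one where a string value containing `</script>` ends the enclosing script element early, this contrasts raw `json.dumps()` output with an escaped form. All function names and the sample data are constructed for illustration.

```python
import json
from html.parser import HTMLParser

# Constructed sample: one value is attacker-influenced.
SAMPLE = {"name": "</script><script>alert(1)</script>", "note": "a & b"}

# JSON allows \uXXXX escapes inside strings, so these replacements change
# the bytes the HTML tokenizer sees without changing the decoded data.
_ESCAPES = {
    ord("<"): "\\u003c",
    ord(">"): "\\u003e",
    ord("&"): "\\u0026",
    0x2028: "\\u2028",  # only reachable when ensure_ascii=False is used
    0x2029: "\\u2029",
}

def unsafe_embed(data):
    """Vulnerable form: raw json.dumps() output inside a <script> element."""
    return "<script>var data = " + json.dumps(data) + ";</script>"

def safe_json(data):
    """json.dumps() output with HTML-significant characters escaped."""
    return json.dumps(data).translate(_ESCAPES)

def safe_embed(data):
    """Hardened form of unsafe_embed()."""
    return "<script>var data = " + safe_json(data) + ";</script>"

class ScriptCounter(HTMLParser):
    """Counts <script> start tags as an HTML tokenizer sees them."""
    def __init__(self):
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.count += 1

def script_elements(html):
    """Number of script elements the markup actually opens."""
    parser = ScriptCounter()
    parser.feed(html)
    parser.close()
    return parser.count

if __name__ == "__main__":
    print(script_elements(unsafe_embed(SAMPLE)), unsafe_embed(SAMPLE))
    print(script_elements(safe_embed(SAMPLE)), safe_embed(SAMPLE))
```

The escaping covers the `<script>` context only; JSON placed in an HTML attribute or in element text still needs that context's own escaping.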

This is a beat by Simon Willison, posted on 18th December 2021.