Simon Willison’s Weblog

Items tagged xss, security, templating, danielmartin

Filters: xss × security × templating × danielmartin ×


Most HTML templating languages are written incorrectly. “If you ever find yourself in the position of designing an html template language, please make the default behavior when including variables be to HTML-escape them.” I couldn’t agree more. # 15th April 2007, 8:28 pm

Types

Years

Tags