Simon Willison’s Weblog

Blogmarks tagged django, autoescaping, rails, xss in Dec, 2007

Filters: Type: blogmark × Year: 2007 × Month: Dec × django × autoescaping × rails × xss ×


Why the h can’t Rails escape HTML automatically? It would be a pretty huge change, but auto-escaping in Rails 2.0 could close up a lot of accidental XSS holes. # 1st December 2007, 8:34 pm

Types

Years

Months

Tags