Hacker News

Ah okay I see now you were referring to failure to sanitize inputs/outputs in the original comment. I don't know if this oversight occurs more often when using string templating, but I'm pretty sure this was already a problem long before string templating came into practice.


It's literally the reason why HTML templating is done with other means than string concatenation, these days.



