http://simonwillison.net/2007-04-15T20:28:48+00:00Simon Willison2007-04-15T20:28:48+00:002007-04-15T20:28:48+00:00https://simonwillison.net/2007/Apr/15/default/#atom-tag

<p><strong><a href="http://dtm.livejournal.com/33960.html">Most HTML templating languages are written incorrectly</a></strong></p> “If you ever find yourself in the position of designing an html template language, please make the default behavior when including variables be to HTML-escape them.” I couldn’t agree more. <p>Tags: <a href="https://simonwillison.net/tags/daniel-martin">daniel-martin</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/templating">templating</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>