Hi

> Within your view, you, the developer, know your context, so it's up to
> you to define the escaping mechanism. We're just going to provide a sane
> default for the 80/20 use case.

Just for inspiration:

http://googleonlinesecurity.blogspot.com/2009/03/reducing-xss-by-way-of-automatic.html
http://code.google.com/p/google-ctemplate/source/detail?r=32
http://code.google.com/p/nette/source/detail?r=150

--
Ondrej Ivanic
(ondrej.iva...@gmail.com)