Hi

> Within your view, you, the developer, know your context, so it's up to
> you to define the escaping mechanism. We're just going to provide a sane
> default for the 80/20 use case.

Just for inspiration:
http://googleonlinesecurity.blogspot.com/2009/03/reducing-xss-by-way-of-automatic.html
http://code.google.com/p/google-ctemplate/source/detail?r=32
http://code.google.com/p/nette/source/detail?r=150

-- 
Ondrej Ivanic
(ondrej.iva...@gmail.com)
