undefined | Better HN

0 pointskazinator1y ago0 comments

If you don't know where it will be rendered, you have no idea what escape syntax to use. If the field can end up in JSON, CSV, SQL, HTML, ... are you going to try escape it for all of them at once?

This idea of escaping input worse than sanitizing input (what the article says not to do).

0 comments

No comments yet.

0 pointskazinator1y ago0 comments

If you don't know where it will be rendered, you have no idea what escape syntax to use. If the field can end up in JSON, CSV, SQL, HTML, ... are you going to try escape it for all of them at once?

This idea of escaping input worse than sanitizing input (what the article says not to do).

0 comments

No comments yet.