top | item 36090482

(no title)

1lint | 2 years ago

Ah okay I see now you were referring to failure to sanitize inputs/outputs in the original comment. I don't know if this oversight occurs more often when using string templating, but I'm pretty sure this was already a problem long before string templating came into practice.

discuss

yencabulator|2 years ago

It's literally the reason why HTML templating is done with other means than string concatenation, these days.