Context Escaping

Anthony Ferrara taking on the painful process of automatically determining the correct context for escaping data in templates:

Imagine being able to put a variable in a JavaScript string in your template, and have the engine transparently encode it correctly for you. Awesome, right?

From Tries and Lexers.

The best attempt I’ve seen at this is XHP.