Secure Handlebars

Even JavaScript needs to deal with escaping content for the web. The hard, but ideal, approach is to automatically escape data with the proper context. With that in mind I started reading about Secure Handlebars from Yahoo, which claims:

Automatic Contextual XSS Escaping made robust, easy, and fast

They support automatic escaping for HTML, HTML comment, HTML attribute, URI (in HTML attributes), and CSS (in HTML attributes) contexts.
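
To show why the context matters, here is an added example (not from the original post, and not Secure Handlebars' own code or API) with hand-written filters for three of the contexts listed above. The function names, the scheme allowlist and the `#unsafe-url` placeholder are assumptions made for illustration.

```javascript
// Added illustration: hypothetical hand-written filters, NOT the Secure Handlebars API.

// HTML data context (text between tags): only markup characters matter here.
function escapeHtmlData(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;' };
  return String(s).replace(/[&<>]/g, c => map[c]);
}

// Double-quoted attribute value: the closing quote is what ends this context.
function escapeAttrDoubleQuoted(s) {
  const map = { '&': '&amp;', '"': '&quot;' };
  return String(s).replace(/[&"]/g, c => map[c]);
}

// URI inside a double-quoted attribute: escaping alone is not enough, because a
// value such as "javascript:..." contains no character an HTML escaper changes.
// Assumed policy: allow relative URLs and a small scheme allowlist only.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);
function filterUriInAttr(s) {
  // Browsers drop leading control characters/spaces and embedded tabs/newlines
  // when parsing a URL, so strip them from a probe copy before checking the scheme.
  const probe = String(s).replace(/[\u0000-\u0020]+/g, '');
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(probe);
  if (m && !ALLOWED_SCHEMES.has(m[1].toLowerCase())) return '#unsafe-url';
  return escapeAttrDoubleQuoted(s);
}

// The same untrusted fields placed in three different contexts of one template.
function renderProfile(user) {
  return `<p>${escapeHtmlData(user.name)}</p>` +
    `<a title="${escapeAttrDoubleQuoted(user.name)}" ` +
    `href="${filterUriInAttr(user.link)}">profile</a>`;
}

// Constructed sample input.
const sample = { name: 'Tom & "Jerry" <b>', link: 'javascript:void(0)' };
console.log(renderProfile(sample));
```

The HTML data filter leaves both the double quote and the `javascript:` value untouched, which is why a single escaper applied everywhere is not sufficient.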